blankgrabber | f9e0409810ad0093917c0006420bb5a051ec19949c7128296192a04a93f85794 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

D-Delusion...on.exe

windows10-1703-x64

D-Delusion...on.exe

windows11-21h2-x64

8

Sharing

General

Target

D-Delusion.rar
Size

7.3MB
Sample

240526-23ffjsgc87
MD5

e353afe3cc54217216ba4aba2e7bd777
SHA1

3259b7cd72bb864ec14494ce956cb11f6af5ad28
SHA256

f9e0409810ad0093917c0006420bb5a051ec19949c7128296192a04a93f85794
SHA512

0ea0521e4b1b7b10709fccecefd743553d87105b761c4a69933999741f2c7a7fdfe2bf0c181576bb613ad927a2cc7c75b891b7d1498f2d9e690e64c881caf3cd
SSDEEP

196608:YgiA4i1xM0WIwaLCeowJUyux6gFNWgRobvfDZM:xki1WCLCX8HskgmjZM

Score

10^/10

blankgrabber evasion execution spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

D-Delusion/Delusion.exe

Resource

win10-20240404-en

evasion execution spyware stealer upx

windows10-1703-x64

17 signatures

600 seconds

Behavioral task

behavioral2

Sample

D-Delusion/Delusion.exe

Resource

win11-20240508-en

execution spyware stealer upx

windows11-21h2-x64

16 signatures

600 seconds

Malware Config

Targets

- Target
  
  D-Delusion/Delusion.exe
- Size
  
  7.5MB
- MD5
  
  f8c63eca8b26883c30d2240008b07150
- SHA1
  
  ccfe5cf24b93114ceb5eca37d9412d3d5c9abd51
- SHA256
  
  1bbd2b8817ad1726c8bcc7a13611164010bf04f70527e0bc61c2e408c23330f4
- SHA512
  
  8b8f31931bc58dbefbaf74ca6072cdc91993eb5bfc2a683725939e44d935a5af53bf61a1fcfba4b061c362ad51b9efc45adffb94344cbf3806595272848d7f70
- SSDEEP
  
  196608:ar97YS6Kc5OshoKMuIkhVastRL5Di3uh1D7J9:CYS85OshouIkPftRL54YRJ9
Score

10^/10

evasion execution spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecutionspywarestealerupx

behavioral2

executionspywarestealerupx

© 2018-2025

Terms | Privacy