General

  • Target

    decompiler for malware.zip

  • Size

    44.3MB

  • MD5

    2dea3e2ba3f760a30230cecdd758b19f

  • SHA1

    c86084d9d0645bd879910285b5d091a768e9e968

  • SHA256

    c06668c57a28ce1f77a222372c613231ef52348345154f2d49a9beaa1914bcc7

  • SHA512

    866fab871450ccd29d4cffbd7feb73271b2f1a9468a59f349f39ef076f9cb2b8acb0755d612d3ba0ba39fda145784bc96d098f845f085832414bbca985d37ba3

  • SSDEEP

    786432:q1Bwj3f725no6e1+HU8uGnDhOLhDR1d010Mj8mTVuIXpGlxHTmns1/QdAiKerBoi:qjm3fH6e1+08pt+vg0UTVvZAxzICQaDO

Malware Config

Signatures

  • A stealer written in Python and packaged with Pyinstaller 1 IoCs
  • Blankgrabber family
  • Patched UPX-packed file 1 IoCs

    Sample is UPX-packed, but required fields of the UPX header have been zeroed out so that the stock `upx -d` tool cannot unpack it.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX or with a modified build of the open-source UPX packer.

  • Detects Pyinstaller 2 IoCs
  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.
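The "Patched UPX-packed file" signature above describes a cheap anti-unpacking trick: the decompression stub and the UPX0/UPX1 sections stay in place, but the 32-byte UPX PackHeader (the `UPX!` magic plus version, method, uncompressed and compressed lengths, and a checksum) is zeroed, so stock `upx -d` rejects the file even though it is still UPX-packed. The Python below is an added example, not the sandbox's detection logic and not code from the UPX project: it parses the PE section table, collects every `UPX!` candidate, validates the header checksum and length fields, and reports whether a buffer looks like intact UPX, patched UPX, or not UPX at all. The PE skeleton it builds to exercise itself is constructed test data with made-up field values, not the `Built.exe` from this report; the PE offsets follow the PE/COFF specification and the PackHeader layout and checksum rule (byte sum modulo 251) follow UPX's `src/packhead.cpp`.

```python
"""Detect UPX packing and a tampered UPX PackHeader in a PE file.

Added example (not part of the sandbox report or of UPX). PE offsets follow the
PE/COFF spec; the 32-byte PackHeader layout and checksum rule follow UPX's
src/packhead.cpp. The sample PE built below is constructed test data.
"""
import struct
from typing import Dict, List

UPX_MAGIC = b"UPX!"
UPX_INFO_STR = b"$Info: This file is packed with the UPX executable packer"
# PackHeader for PE targets: magic, version, format, method, level, u_adler,
# c_adler, u_len, c_len, u_file_size, filter, filter_cto, n_mru, checksum
PACKHDR = struct.Struct("<4sBBBBIIIIIBBBB")
PACKHDR_KEYS = ("magic", "version", "format", "method", "level", "u_adler", "c_adler",
                "u_len", "c_len", "u_file_size", "filter", "filter_cto", "n_mru", "checksum")


def pe_section_names(data: bytes) -> List[str]:
    """Section names from the PE section table; [] if the buffer is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    coff = e_lfanew + 4
    if coff + 20 > len(data) or data[e_lfanew:coff] != b"PE\0\0":
        return []
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(nsections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes, 8-byte name first
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def packheader_checksum(hdr: bytes) -> int:
    """UPX stores sum(hdr[4:-1]) % 251 in the last byte of the PackHeader."""
    return sum(hdr[4:-1]) % 251


def inspect_upx(data: bytes) -> Dict[str, object]:
    """Classify a buffer as 'not_upx', 'upx' (header intact) or 'patched_upx'."""
    upx_sections = [n for n in pe_section_names(data) if n.startswith("UPX")]
    result: Dict[str, object] = {"upx_sections": upx_sections,
                                 "info_string": UPX_INFO_STR in data,
                                 "verdict": "not_upx", "problems": []}
    problems: List[str] = []
    # Every 'UPX!' occurrence is a candidate; prefer one whose checksum verifies.
    cands, i = [], data.find(UPX_MAGIC)
    while i >= 0:
        if i + PACKHDR.size <= len(data):
            cands.append(i)
        i = data.find(UPX_MAGIC, i + 1)
    valid = [o for o in cands
             if packheader_checksum(data[o:o + PACKHDR.size]) == data[o + PACKHDR.size - 1]]
    if not upx_sections and not result["info_string"] and not cands:
        return result
    if not cands:
        problems.append("UPX sections/strings present but no 'UPX!' PackHeader magic")
    else:
        off = (valid or cands)[0]
        ph = dict(zip(PACKHDR_KEYS, PACKHDR.unpack(data[off:off + PACKHDR.size])))
        result["packheader_offset"], result["packheader"] = off, ph
        for f in ("u_len", "c_len", "u_file_size"):  # zero here means upx -d will refuse
            if ph[f] == 0:
                problems.append(f"{f} is zero")
        if off not in valid:
            problems.append("header checksum mismatch")
    result["problems"] = problems
    result["verdict"] = "patched_upx" if problems else "upx"
    return result


def build_sample_pe(zero_header_fields: bool) -> bytes:
    """Constructed PE32+ skeleton laid out like UPX output (UPX0/UPX1/.rsrc,
    PackHeader in the padding after the section table). Field values are
    made up; this is test data, not a runnable binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 240, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * 238                  # PE32+ optional header

    def sec(name, vsize, va, rsize, rptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, rsize, rptr, 0, 0, 0, 0, chars)

    sections = (sec(b"UPX0", 0x7000, 0x1000, 0, 0x400, 0xE0000080)
                + sec(b"UPX1", 0x3000, 0x8000, 0x2A00, 0x400, 0xE0000040)
                + sec(b".rsrc", 0x1000, 0xB000, 0x600, 0x2E00, 0xC0000040))
    if zero_header_fields:   # the trick this check is meant to catch: magic kept, rest zeroed
        fields = (0,) * 12
    else:                    # version, format, method, level, adlers, lengths, filter bytes
        fields = (13, 36, 14, 8, 0x1BCD7F21, 0x9A3E4D10, 0x9000, 0x2A00, 0x9600, 0x49, 0, 0)
    hdr = PACKHDR.pack(UPX_MAGIC, *fields, 0)
    hdr = hdr[:-1] + bytes([packheader_checksum(hdr)])
    head = dos + coff + opt + sections + hdr
    head += b"\0" * (0x400 - len(head))
    body = b"\0" * 0x100 + UPX_INFO_STR + b" http://upx.sf.net $\n" + b"\0" * 0x100
    return head + body


if __name__ == "__main__":
    for label, sample in (("intact", build_sample_pe(False)), ("zeroed", build_sample_pe(True))):
        r = inspect_upx(sample)
        print(label, r["verdict"], r["upx_sections"], r["problems"])
```

A `patched_upx` verdict means `upx -d` will refuse the file; the header has to be rebuilt (or the stub run to its original entry point in a debugger) before the PyInstaller archive inside can be extracted. Rebuilding the header is outside this check, and the first-candidate choice is a heuristic: a real sample may carry a decoy `UPX!` string, which is why candidates with a valid checksum are preferred.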

Files

  • decompiler for malware.zip
    .zip
  • Built.exe
    .exe windows:5 windows x64 arch:x64

    f4f2e2b03fe5666a721620fcea3aea9b

  • +(^�a;�.pyc
  • Comet BETA.exe
    .exe windows:5 windows x64 arch:x64

    023abd09c65289e3a2df4aa2b19cccec

  • ocofkso.pyc
  • GeFrost Exucutor.exe
    .exe windows:5 windows x64 arch:x64

    f4f2e2b03fe5666a721620fcea3aea9b

  • creal.pyc
  • decompiler for malware/Grabbers-Deobfuscator-main/.gitignore
  • decompiler for malware/Grabbers-Deobfuscator-main/README.md
  • decompiler for malware/Grabbers-Deobfuscator-main/config.json
  • decompiler for malware/Grabbers-Deobfuscator-main/deobf.py
  • decompiler for malware/Grabbers-Deobfuscator-main/methods/ben.py
  • decompiler for malware/Grabbers-Deobfuscator-main/methods/blank.py
  • decompiler for malware/Grabbers-Deobfuscator-main/methods/empyrean.py
  • decompiler for malware/Grabbers-Deobfuscator-main/methods/luna.py
  • decompiler for malware/Grabbers-Deobfuscator-main/methods/notobf.py
  • decompiler for malware/Grabbers-Deobfuscator-main/methods/other.py
  • decompiler for malware/Grabbers-Deobfuscator-main/requirements.txt
  • decompiler for malware/Grabbers-Deobfuscator-main/tutorial.gif
    .gif
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/fernflower.jar
    .jar
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/pycdas
    .elf linux x64
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/pycdas.exe
    .exe windows:6 windows x64 arch:x64

    a0b986748fb3b79f1afa27913520271f

  • decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/pycdc
    .elf linux x64
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/pycdc.exe
    .exe windows:6 windows x64 arch:x64

    8933a45a4654b688012d7770158aef33

  • decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/upx
    .elf linux x64
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/bin/upx.exe
    .exe windows:4 windows x64 arch:x64

  • out.upx
    .exe windows:4 windows x64 arch:x64

  • decompiler for malware/Grabbers-Deobfuscator-main/utils/config.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/decompile.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/deobfuscation.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/display.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/download.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/pyaes/__init__.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/pyaes/aes.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/pyaes/blockfeeder.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/pyaes/util.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/pyinstaller/extractors/pyinstxtractor.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/pyinstaller/extractors/pyinstxtractorng.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/pyinstaller/pyinstaller.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/pyinstaller/pyinstallerExceptions.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/telegram.py
  • decompiler for malware/Grabbers-Deobfuscator-main/utils/webhookspammer.py