blankgrabber | 5e731882e3fc973da923cd68052f1036c07cf6e1e97265f5670b13b344ec0b6a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

CC generat...en.exe

windows7-x64

7

CC generat...en.exe

windows10-2004-x64

8

Sharing

General

Target

CCgenerator.rar
Size

13.7MB
Sample

240603-h8jwdahb62
MD5

e1d8a5f7a5041ec4e660196c101dcc6e
SHA1

dfb1954f411249874e14b2109557a24e6d860053
SHA256

5e731882e3fc973da923cd68052f1036c07cf6e1e97265f5670b13b344ec0b6a
SHA512

bda03509cbe95fc48b0bb2a7de72c49ee52d3eb9edde9953d3e79a59ba5d7a4baf0e41210198927d566738661a86c2a02a8e65c2fa85ac0749ab7945244e6e76
SSDEEP

393216:J6UUVLJ60VpNRW9sJFyRhuYiqlB34qvij9dhXkYLfYk0JZm8jjd:axJyDufGB34KskmEJgOjd

Score

10^/10

blankgrabber execution pyinstaller spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

CC generator/Zeo Gen.exe

Resource

win7-20231129-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

CC generator/Zeo Gen.exe

Resource

win10v2004-20240508-en

execution pyinstaller spyware stealer upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  CC generator/Zeo Gen.exe
- Size
  
  13.8MB
- MD5
  
  e401b8a0ff33bbd9fac216a4dcc58dc8
- SHA1
  
  8ec49af3c3efa518b5f0b8e35f1bbc9503567d35
- SHA256
  
  8ea82f3c6f29a82aaaec3a35f4cfd9227d532446a651947a3033c5ae5e8510b9
- SHA512
  
  73236c79c1ba371411dfede0a6f6b329a52326d93cf6c75c90e32e7a162f64b68b19d64e85f7ec3424191b89e2e585a25db1dc4253a204b7fe8c060963643eb2
- SSDEEP
  
  393216:0YS6kNaS/r076UJOshouIkPftRL54YRJY:0YS6kN/lUkwouTtRLzY
Score

8^/10

upx execution pyinstaller spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

executionpyinstallerspywarestealerupx

© 2018-2025

Terms | Privacy