Resubmissions

13/07/2024, 23:11 UTC

240713-26p46asgld 8

13/07/2024, 20:33 UTC

240713-zb9h7swdpk 8

11/07/2024, 21:44 UTC

240711-1lnj6axfpd 8

11/07/2024, 21:32 UTC

240711-1d16aaxcrf 8

11/07/2024, 21:29 UTC

240711-1b5qpaxcke 8

11/07/2024, 21:25 UTC

240711-z9kmqsvcnm 8

11/07/2024, 21:22 UTC

240711-z7xvaavbrp 8

11/07/2024, 21:20 UTC

240711-z6q1cavbmj 8

11/07/2024, 21:16 UTC

240711-z4v7aawhrd 8

Analysis

  • max time kernel
    148s
  • max time network
    275s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/07/2024, 21:25 UTC

General

  • Target

    Blank-Grabber-main/Blank Grabber/Components/loader.py

  • Size

    634B

  • MD5

    ca35548638710a32f6d4bc1a61a103c5

  • SHA1

    2703967c4376cc2e0ca20191eff97b85989d8310

  • SHA256

    e7dbfe873c719006f28e6526ef54215d7b7598bce5566734c552dab9f1f487e6

  • SHA512

    d1c0839326662b240dfa4bcea7284d261be46e9bb8b03f073e0328e361321f9cdfa740abd4541b2cdc21c806bcd901d3bc3cc36b9f7e0ee6191d189df0533061

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\Components\loader.py"
    1⤵
    • Modifies registry class
    PID:2720
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4852

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    74.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    74.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    20.58.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.58.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    21.58.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.58.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    40.58.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    40.58.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    74.32.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    74.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    20.58.20.217.in-addr.arpa
    dns
    71 B
    131 B
    1
    1

    DNS Request

    20.58.20.217.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    21.58.20.217.in-addr.arpa
    dns
    71 B
    131 B
    1
    1

    DNS Request

    21.58.20.217.in-addr.arpa

  • 8.8.8.8:53
    40.58.20.217.in-addr.arpa
    dns
    71 B
    131 B
    1
    1

    DNS Request

    40.58.20.217.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

MITRE ATT&CK Enterprise v15
