Behavioral task
behavioral1
Sample
4f6b982438ed1c63812c8ab949443430N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4f6b982438ed1c63812c8ab949443430N.exe
Resource
win10v2004-20240802-en
General
Target
4f6b982438ed1c63812c8ab949443430N.exe
Size
6.9MB
MD5
4f6b982438ed1c63812c8ab949443430
SHA1
dc5b4b730b4b018ff0d8f49261ebd1c24a5497a1
SHA256
7a48f714bcc19f69ee2fb59edd6fc8d3407be3ac7a1c319ae90b555342c3f77a
SHA512
75db406b94b53233ce96d817eaf455be6d3673c4c9eb2ffc06eb293e36fdbde5e58f56fe00ba32b6202e9a59592f4ac3dc8db15f474d1f5b4c0fb95dfb8ee4eb
SSDEEP
98304:sBqkwN+MdA5wqMqz8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoDZDJ1n6hBnLt:sBqV1BB6ylnlPzf+JiJCsmFMvcn6hVvh
Malware Config
Signatures
A stealer written in Python and packaged with Pyinstaller 1 IoCs
resource yara_rule static1/unpack001/��C��.pyc blankgrabber -
Blankgrabber family
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4f6b982438ed1c63812c8ab949443430N.exe
Files
4f6b982438ed1c63812c8ab949443430N.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
UPX0 Size: - Virtual size: 384KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 125KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 208KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
��C��.pyc