blankgrabber | d0cbdcb8b64ac6fec53f1141b0dc2cb95a797973da88a9e5f5869e56ff00c98c | Triage

Submit
Reports

Overview

overview

Static

static

Boostrapper.exe

windows10-2004-x64

8

Boostrapper.exe

windows11-21h2-x64

8

��E�|�{.pyc

windows10-2004-x64

��E�|�{.pyc

windows11-21h2-x64

Sharing

General

Target

Boostrapper.exe
Size

40.6MB
Sample

240824-3p5zqaxhkl
MD5

d777fc6149930afc4ba10323740d7a41
SHA1

f59e3454392c33247d8711df24038c4b2e6bc31f
SHA256

d0cbdcb8b64ac6fec53f1141b0dc2cb95a797973da88a9e5f5869e56ff00c98c
SHA512

44fc0f8bad392106504e749cb6b33fa716d58c9aa8364813c83b2137f777c698747ab2fefec14911f73a62c9681f3b32ef371374cfd2c2f3f0bc35dd9c34a972
SSDEEP

786432:ddBJEM9tbOO+k9H+7qmRb78RXkUkJvHKsxnaSgg20V9qy/pW6KV:dZEcYKe7PROXWJSsFaRyhHKV

Score

10^/10

blankgrabber collection discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Boostrapper.exe

Resource

win10v2004-20240802-en

collection discovery execution upx

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Boostrapper.exe

Resource

win11-20240802-en

collection discovery execution upx

windows11-21h2-x64

14 signatures

150 seconds

Behavioral task

behavioral3

Sample

��E�|�{.pyc

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

��E�|�{.pyc

Resource

win11-20240802-en

windows11-21h2-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  Boostrapper.exe
- Size
  
  40.6MB
- MD5
  
  d777fc6149930afc4ba10323740d7a41
- SHA1
  
  f59e3454392c33247d8711df24038c4b2e6bc31f
- SHA256
  
  d0cbdcb8b64ac6fec53f1141b0dc2cb95a797973da88a9e5f5869e56ff00c98c
- SHA512
  
  44fc0f8bad392106504e749cb6b33fa716d58c9aa8364813c83b2137f777c698747ab2fefec14911f73a62c9681f3b32ef371374cfd2c2f3f0bc35dd9c34a972
- SSDEEP
  
  786432:ddBJEM9tbOO+k9H+7qmRb78RXkUkJvHKsxnaSgg20V9qy/pW6KV:dZEcYKe7PROXWJSsFaRyhHKV
Score

8^/10

collection discovery execution upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  ��E�|�{.pyc
- Size
  
  1KB
- MD5
  
  b4452c0a616c0907c7cef4c79fd580c2
- SHA1
  
  aa89d959199abbf859bb78b64f194cdc51d01d81
- SHA256
  
  339c8fa213f725aae1b0a53cba96370bbd8e54258ac48d145662b15712035ae6
- SHA512
  
  d122df0f6ad7146d2c7f15f7b19a30501e76edc08531d875a3dae26b9a826a65dc72ef3a569a0fc9eb9ae08ebc675ad2fbaed3ccbb085e412eb1134f772bf0e1
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscoveryexecutionupx

behavioral2

collectiondiscoveryexecutionupx

behavioral3

behavioral4

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.