blankgrabber | SoIaraInject[.]exe | Triage

Resubmissions

02-09-2024 22:08

240902-12lqhazclc 10

02-09-2024 22:06

240902-11g1xsybrq 10

02-09-2024 22:06

240902-1z8ggszbrd 10

02-09-2024 21:14

240902-z3fefayclb 10

02-08-2024 17:47

240802-wcxdgsybqd 10

01-08-2024 08:13

240801-j4ksjs1arn 10

01-08-2024 08:09

240801-j2mt5avdrd 10

01-08-2024 08:05

240801-jzbzvavdjd 10

01-08-2024 06:46

240801-hjng9s1gnb 10

Sharing

General

Target

SoIaraInject.exe
Size

7.3MB
MD5

d726784827b2fdff247cada39b35a0df
SHA1

ed45d4edfd8c7a54e5da168090c32cbdee6bc75c
SHA256

90f97efbd57639792989bb9b00801f48f2ae0ce3c7a79f41b58c4998e439ac47
SHA512

af958f62cbfde14dcd6363b23e3f1ed771f37f31427a7969da25d601117c918d86113fcc989d03eb6eceeee6b8d8f089997e5c1b9733de6c4ec7b67040071ac6
SSDEEP

98304:wxo7x9XQsaIurErvz81LpWjjOI50ZtPvYRt2e4GFNGjqdiHbIbApJoUE5KhOC11x:Eo9VnurErvI9pWjy9PvzmTE0s9Ew4A7

Score

10^/10

upx blankgrabber

Malware Config

Signatures

A stealer written in Python and packaged with Pyinstaller 1 IoCs

resource	yara_rule
static1/unpack001/浆�ZVd.pyc	blankgrabber

Blankgrabber family
blankgrabber

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SoIaraInject.exe

Files

SoIaraInject.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
浆�ZVd.pyc