Overview

overview

10

Static

static

10

tools/Blue....5.exe

windows7-x64

7

tools/Blue....5.exe

windows10-2004-x64

8

tools/Mang...UI.exe

windows7-x64

7

tools/Mang...UI.exe

windows10-2004-x64

8

tools/Mang...UI.exe

windows7-x64

1

tools/Mang...UI.exe

windows10-2004-x64

8

tools/SAS/...te.exe

windows7-x64

7

tools/SAS/...te.exe

windows10-2004-x64

8

tools/Xdg/...47.dll

windows7-x64

1

tools/Xdg/...47.dll

windows10-2004-x64

8

tools/Xdg/Qt5Core.dll

windows7-x64

1

tools/Xdg/Qt5Core.dll

windows10-2004-x64

8

tools/Xdg/Qt5Gui.dll

windows7-x64

1

tools/Xdg/Qt5Gui.dll

windows10-2004-x64

8

tools/Xdg/Qt5Svg.dll

windows7-x64

1

tools/Xdg/Qt5Svg.dll

windows10-2004-x64

8

tools/Xdg/...ts.dll

windows7-x64

1

tools/Xdg/...ts.dll

windows10-2004-x64

8

tools/Xdg/XDumpGO.exe

windows7-x64

7

tools/Xdg/XDumpGO.exe

windows10-2004-x64

8

tools/Xdg/...on.dll

windows7-x64

1

tools/Xdg/...on.dll

windows10-2004-x64

8

tools/Xdg/...if.dll

windows7-x64

1

tools/Xdg/...if.dll

windows10-2004-x64

8

tools/Xdg/...ns.dll

windows7-x64

1

tools/Xdg/...ns.dll

windows10-2004-x64

8

tools/Xdg/...co.dll

windows7-x64

1

tools/Xdg/...co.dll

windows10-2004-x64

8

tools/Xdg/...eg.dll

windows7-x64

1

tools/Xdg/...eg.dll

windows10-2004-x64

8

tools/Xdg/...vg.dll

windows7-x64

1

tools/Xdg/...vg.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tools.zip

  • Size

    93.0MB

  • MD5

    f7eb276aa6e23ae65dccd83bdd65ee1e

  • SHA1

    c968830ef1481c908970de001c4996961579db1c

  • SHA256

    aa9fea628399566aea6b47fae693e037e22fba51902b37d525880f10cf5ee50f

  • SHA512

    cc9c5bdbe4cdd96452bb316e5956c3b54344b0df37c2f5662dcb815adc5cea6628bdb7c17f4bc8fb1f24fbc54265530dafa1ef529f2ceeab6254d160c498acaa

  • SSDEEP

    1572864:jI/szqDS0PpnNJxNmnjdRt/S1FLek4zJFiXV032kDqVWO85EArEsj+tU:c60VNzcnjdRtKfeQK32kx2UEsyO

Score
10/10
blankgrabber

Malware Config

Signatures

  • A stealer written in Python and packaged with Pyinstaller 3 IoCs
  • Blankgrabber family
    blankgrabber
  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

Files

  • tools.zip
    .zip

    Password: dumperscrew

  • tools/BlueCode Hash Finder/BlueCode_HashFinder_Lite_2.5.exe
    .exe windows:6 windows x64 arch:x64

    Password: dumperscrew

    72c4e339b7af8ab1ed2eb3821c98713a


    Code Sign

    Headers

    Imports

    Sections

  • �C5E�.pyc
  • tools/Mango/MangoKeywordsGUI.exe.exe
    .exe windows:6 windows x64 arch:x64

    Password: dumperscrew

    72c4e339b7af8ab1ed2eb3821c98713a


    Code Sign

    Headers

    Imports

    Sections

  • .�5�Q.pyc
  • tools/Mango/MangoKeywordsTUI.exe
    .exe windows:6 windows x64 arch:x64

    Password: dumperscrew

    d721d174ff2a039a78f2aee68ce56c7f


    Headers

    Imports

    Sections

  • tools/Mango/antipublic
  • tools/Mango/config.yml
  • tools/Mango/dork maker/domains.txt
  • tools/Mango/dork maker/dork_types.txt
  • tools/Mango/dork maker/page_types.txt
  • tools/Mango/dork maker/search_functions.txt
  • tools/SAS/SwissArmySuite.exe
    .exe windows:6 windows x64 arch:x64

    Password: dumperscrew

    72c4e339b7af8ab1ed2eb3821c98713a


    Code Sign

    Headers

    Imports

    Sections

  • �ꠤO<.pyc
  • tools/SAS/antipub.db
  • tools/SAS/config.json
  • tools/Xdg/D3Dcompiler_47.dll
    .dll windows:6 windows x64 arch:x64

    Password: dumperscrew

    2ce80dc262aecd9b9f45ee13d6b30c08


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/Qt5Core.dll
    .dll windows:4 windows x64 arch:x64

    Password: dumperscrew

    b7ac1f6bc8d5bde8deea38e9becbff05


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/Qt5Gui.dll
    .dll windows:4 windows x64 arch:x64

    Password: dumperscrew

    b192b7a223ad8e5f7bebfd2048125db2


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/Qt5Svg.dll
    .dll windows:4 windows x64 arch:x64

    Password: dumperscrew

    1b3e826d61c2f23d106a38573ef5c948


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/Qt5Widgets.dll
    .dll windows:4 windows x64 arch:x64

    bfceba1ec7cd998737e020f4612d0f7d


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/XDumpGO.exe
    .exe windows:6 windows x64 arch:x64

    72c4e339b7af8ab1ed2eb3821c98713a


    Code Sign

    Headers

    Imports

    Sections

  • tools/Xdg/all.txt
  • tools/Xdg/ap.db
  • tools/Xdg/config.json
  • tools/Xdg/iconengines/qsvgicon.dll
    .dll windows:4 windows x64 arch:x64

    b077a8cc9d0019528b23cbf254e4ad4b


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/imageformats/qgif.dll
    .dll windows:4 windows x64 arch:x64

    4329ef02212194427be44a36e0b9a121


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/imageformats/qicns.dll
    .dll windows:4 windows x64 arch:x64

    10d9b698ddb07a2fd3705f32d5790c63


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/imageformats/qico.dll
    .dll windows:4 windows x64 arch:x64

    6b05618cc8a008ebc8833ded1ed2aa60


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/imageformats/qjpeg.dll
    .dll windows:4 windows x64 arch:x64

    8df33cd6e02f67d2b98520b1edfe03da


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/imageformats/qsvg.dll
    .dll windows:4 windows x64 arch:x64

    6f65fb0cf0449facddbfc1671c62c47e


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/imageformats/qtga.dll
    .dll windows:4 windows x64 arch:x64

    205a8e82b8dc38d9ed8492a53a119707


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/imageformats/qtiff.dll
    .dll windows:4 windows x64 arch:x64

    ab6717420fe07c98b487e22dab9c49d0


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/imageformats/qwbmp.dll
    .dll windows:4 windows x64 arch:x64

    9751f719631286f37a41d22090e35bfd


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/imageformats/qwebp.dll
    .dll windows:4 windows x64 arch:x64

    34b624b4badc306a57f11d7b395f42d2


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/libEGL.dll
    .dll windows:4 windows x64 arch:x64

    eb91385afce4cfa47954ba8506eeb2bd


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/libGLESV2.dll
    .dll windows:4 windows x64 arch:x64

    dc80800d96a4e83457229bbf61bc051c


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/libgcc_s_seh-1.dll
    .dll windows:4 windows x64 arch:x64

    b8547353b6beb87cf7560462f9aacd11


    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/libstdc++-6.dll
    .dll windows:4 windows x64 arch:x64

    2ef0ef5b02a4c5c00c38f44ef05e3590


    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/libwinpthread-1.dll
    .dll windows:4 windows x64 arch:x64

    dd7ccacfff5cb681a985c52c384afacb


    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/opengl32sw.dll
    .dll windows:6 windows x64 arch:x64

    7c204a15e246f025a7513db5a566a6e9


    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/platforms/qwindows.dll
    .dll windows:4 windows x64 arch:x64

    f2da56ed0baa3e99a91acffa533db2e7


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/styles/qwindowsvistastyle.dll
    .dll windows:4 windows x64 arch:x64

    fb7a74935a4141e9268a43927b7d5a71


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • tools/Xdg/translations/qt_ar.qm
  • tools/Xdg/translations/qt_bg.qm
  • tools/Xdg/translations/qt_ca.qm
  • tools/Xdg/translations/qt_cs.qm
  • tools/Xdg/translations/qt_da.qm
  • tools/Xdg/translations/qt_de.qm
  • tools/Xdg/translations/qt_en.qm
  • tools/Xdg/translations/qt_es.qm
  • tools/Xdg/translations/qt_fi.qm
  • tools/Xdg/translations/qt_fr.qm
  • tools/Xdg/translations/qt_gd.qm
  • tools/Xdg/translations/qt_he.qm
  • tools/Xdg/translations/qt_hu.qm
  • tools/Xdg/translations/qt_it.qm
  • tools/Xdg/translations/qt_ja.qm
  • tools/Xdg/translations/qt_ko.qm
  • tools/Xdg/translations/qt_lv.qm
  • tools/Xdg/translations/qt_pl.qm
  • tools/Xdg/translations/qt_ru.qm
  • tools/Xdg/translations/qt_sk.qm
  • tools/Xdg/translations/qt_uk.qm
  • tools/Xdg/translations/qt_zh_TW.qm
  • tools/Xdg/xdgo-x86.exe
    .exe windows:6 windows x64 arch:x64

    b9d4eeaa3db6d040b2759a7208504f5c


    Headers

    Imports

    Exports

    Sections