Date: 04/10/2026
Severity: High
Summary
BlankGrabber is a Python-based information stealer that harvests browser credentials, session tokens, and system details. Reported by security researchers in 2023, it is known for its modular build and for frequent updates aimed at evading detection. The malware is commonly spread through social engineering and phishing campaigns; typical delivery methods include cracked software, malicious files shared on Discord, and fake GitHub repositories posing as legitimate tools. Once executed, it establishes persistence and sends the stolen data to attacker-controlled command-and-control infrastructure.
Indicators of Compromise (IOC) List
CVE: CVE-2024-27198, CVE-2024-27199
MD5: 4317201817b69553c0120ea4053da8ec
SHA1: 2321100d9c75f80a6eb539d7b88214e517525502
SHA256: 268d12a71b7680e97a4223183a98b565cc73bbe2ab99dfe2140960cc6be0fc87
SHA256: ac36b970704881c7656e8fdd7e8c532e22896b97a47acef5ca624d7701bf991
Note: the last value is 63 hexadecimal characters as published, while a SHA256 digest is 64. A sha256hash lookup on it will never match, so verify the full digest against the source pulse before relying on it.
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1: md5hash IN ("4317201817b69553c0120ea4053da8ec")
Detection Query 2: sha1hash IN ("2321100d9c75f80a6eb539d7b88214e517525502")
Detection Query 3: sha256hash IN ("268d12a71b7680e97a4223183a98b565cc73bbe2ab99dfe2140960cc6be0fc87","ac36b970704881c7656e8fdd7e8c532e22896b97a47acef5ca624d7701bf991")
Reference:
https://www.splunk.com/en_us/blog/security/blankgrabber-trojan-stealer-analysis-detection.html
https://otx.alienvault.com/pulse/69c643beac5889d953fd8ba4