General
-
Target
BlitzedGrabberV12.exe
-
Size
2.6MB
-
Sample
230320-lb42tscg29
-
MD5
7e8af75409c8c12e267b3011320cb4e6
-
SHA1
d0b90d69b340c0eb2f37a4945b894a20467dd132
-
SHA256
729c2c5ba395ea043061650dae5c184c10ad288bf0b458dbb30f4837e8b25e9e
-
SHA512
440ed601073dcfa9a76b4b5693c5ad0790cd5093f8d8c6dc28275cb7146f2d98e95575d5b05bed402c47b10cbe3d98b0eec49036e9de847182ccc3c386f76e17
-
SSDEEP
49152:8nsHyjtk2MYC5GDQmAznU4n9t2ELj18p4BDifoM83ig9Apl14yGN:8nsmtk2au49wi73fWcb
Static task
static1
Behavioral task
behavioral1
Sample
BlitzedGrabberV12.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
BlitzedGrabberV12.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
Target
BlitzedGrabberV12.exe
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application