729c2c5ba395ea043061650dae5c184c10ad288bf0b458dbb30f4837e8b25e9e | Triage

Submit
Reports

Overview

overview

7

Static

static

1

BlitzedGrabberV12.exe

windows7-x64

7

BlitzedGrabberV12.exe

windows10-2004-x64

7

Sharing

General

Target

BlitzedGrabberV12.exe
Size

2.6MB
Sample

230320-lb42tscg29
MD5

7e8af75409c8c12e267b3011320cb4e6
SHA1

d0b90d69b340c0eb2f37a4945b894a20467dd132
SHA256

729c2c5ba395ea043061650dae5c184c10ad288bf0b458dbb30f4837e8b25e9e
SHA512

440ed601073dcfa9a76b4b5693c5ad0790cd5093f8d8c6dc28275cb7146f2d98e95575d5b05bed402c47b10cbe3d98b0eec49036e9de847182ccc3c386f76e17
SSDEEP

49152:8nsHyjtk2MYC5GDQmAznU4n9t2ELj18p4BDifoM83ig9Apl14yGN:8nsmtk2au49wi73fWcb

Score

7^/10

agilenet persistence

Static task

static1

Behavioral task

behavioral1

Sample

BlitzedGrabberV12.exe

Resource

win7-20230220-en

agilenet persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

BlitzedGrabberV12.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  BlitzedGrabberV12.exe
- Size
  
  2.6MB
- MD5
  
  7e8af75409c8c12e267b3011320cb4e6
- SHA1
  
  d0b90d69b340c0eb2f37a4945b894a20467dd132
- SHA256
  
  729c2c5ba395ea043061650dae5c184c10ad288bf0b458dbb30f4837e8b25e9e
- SHA512
  
  440ed601073dcfa9a76b4b5693c5ad0790cd5093f8d8c6dc28275cb7146f2d98e95575d5b05bed402c47b10cbe3d98b0eec49036e9de847182ccc3c386f76e17
- SSDEEP
  
  49152:8nsHyjtk2MYC5GDQmAznU4n9t2ELj18p4BDifoM83ig9Apl14yGN:8nsmtk2au49wi73fWcb
Score

7^/10

agilenet persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agilenetpersistence

behavioral2

© 2018-2024

Terms | Privacy