General
-
Target
BlitzedGrabberV12.rar
-
Size
4.9MB
-
Sample
230401-2graxsdb43
-
MD5
a6415290a380a738397747b22da4e567
-
SHA1
46d8179f2172231c16e10e8ab9c8ff2e010617b3
-
SHA256
fa71b763a6999f02809003fd0fb3cd2bb908c1829effe7dea9011d144acaae90
-
SHA512
9a859ab9a5a97a98eb62e5b8e526b4c98d05f54adc7aa0b1a82faada89e0e7f218e6aa49f8e0e50cc663f3400b694fefe24e9ad590462f64fdb96147029a8af0
-
SSDEEP
98304:5gjqpma+AcLM3QLJf5JnYAV5fdBgn3bk9zhuKBSwTsZXcY:Nb+AcLHL5nYAjzgLk9zhuuSwTsZsY
Static task
static1
Behavioral task
behavioral1
Sample
BlitzedGrabberV12/BlitzedGrabberV12.exe
Resource
win10-20230220-en
Behavioral task
behavioral2
Sample
BlitzedGrabberV12/BlitzedGrabberV12.exe.xml
Resource
win10-20230220-en
Behavioral task
behavioral3
Sample
BlitzedGrabberV12/Resources/APIFOR.dll
Resource
win10-20230220-en
Behavioral task
behavioral4
Sample
BlitzedGrabberV12/Resources/BouncyCastle.Crypto.dll
Resource
win10-20230220-en
Behavioral task
behavioral5
Sample
BlitzedGrabberV12/Resources/Newtonsoft.Json.dll
Resource
win10-20230220-en
Behavioral task
behavioral6
Sample
BlitzedGrabberV12/Resources/UltraEmbeddable.exe
Resource
win10-20230220-en
Malware Config
Targets
-
-
Target
BlitzedGrabberV12/BlitzedGrabberV12.exe
-
Size
4.0MB
-
MD5
856b9c1e5a8950bcf2bfe827fe80a1e6
-
SHA1
bc0eaad77dba05eed87a6119463e181fa383a3c3
-
SHA256
58a728dd2cacc59990885146dd0e26007c246e12f18692a54a3ce6baef884543
-
SHA512
5c041666c430d669aa73b197a2638f99f8ac21d2f0ecb99bf853c7cf914f7a8d1bb7a4e0bed5e0eb2da5a070036758400b11675186d6543d9c491466318e514e
-
SSDEEP
98304:zxpgcq4cxX/JsNpnm6h200FmFj/r49wi73fW:zrnN9fh200gl/E/jf
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
BlitzedGrabberV12/BlitzedGrabberV12.exe.Config
-
Size
199B
-
MD5
02bafe634a181de6af59ecfb1a9a7230
-
SHA1
5fb944dc91a95007795d83f2037cfe42f0d959f0
-
SHA256
6288699c8a0e00de7329c8f642bc22e6d7ed873f1decd32f05231cf69cac4470
-
SHA512
3e4dc4ae10bf527b98608883638356a84aa9652707276981458b0d9c58f000b290f24b4fbd1794ef02484ccf5ff43d5b55ab7161f5c9f408f68f7caa0676b362
Score1/10 -
-
-
Target
BlitzedGrabberV12/Resources/APIFOR.DLL
-
Size
13KB
-
MD5
91b4d211faddb0ebc64fb000d75d96c1
-
SHA1
ba496c122f8e562ff0a4fb272a68f0b9e7bf0a3c
-
SHA256
e47ab6fb21bd8943f63d79387533abac0c2bd98245546df44c4f333d8013c4de
-
SHA512
3f16b0b4618d446d0e42ed2063c611b4ffa72a5b0ff438df5286a216167881737e65d494aa12186e511690eaca2f51c00889c9eae5ab6392c1edf885e5592919
-
SSDEEP
192:NVjzYtxJYPX7OdfdnHpZt8kit/2Y3ciPYEC3qHa:NVgbkXK5NHpZikit/NYE4qHa
Score1/10 -
-
-
Target
BlitzedGrabberV12/Resources/BouncyCastle.Crypto.dll
-
Size
2.5MB
-
MD5
3551343fab213740bbb022e3a6dcf27b
-
SHA1
de67fb4f9d58db4a860a703c8d1f54ff00ff9b1f
-
SHA256
5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6
-
SHA512
e90f51053e1d4b0ea1f7458229de92174abf0781c766290da4de5cc8dfcfb730998252bf28b36ca5070978fdcea8b97f0aea6a47b875dd34173643ac0cb46c42
-
SSDEEP
49152:3CTzhVM0AU5d3UOhq8hmReOUJfd5T3D+VTQlgQeCKbu9kQLO0:GwU5d3vhzhmoOmfd5rqX0
Score1/10 -
-
-
Target
BlitzedGrabberV12/Resources/Newtonsoft.Json.dll
-
Size
492KB
-
MD5
5e02ddaf3b02e43e532fc6a52b04d14b
-
SHA1
67f0bd5cfa3824860626b6b3fff37dc89e305cec
-
SHA256
78bedd9fce877a71a8d8ff9a813662d8248361e46705c4ef7afc61d440ff2eeb
-
SHA512
38720cacbb169dfc448deef86af973eafefa19eaeb48c55c58091c9d6a8b12a1f90148c287faaaa01326ec47143969ad1b54ee2b81018e1de0b83350dc418d1c
-
SSDEEP
12288:axrplPT3qwNBC3wl1zVh0Yg0pJy/qleTpfZLQ0so/VHjh:a1plPGwNBC3UOwVeLQ0so/VH
Score1/10 -
-
-
Target
BlitzedGrabberV12/Resources/UltraEmbeddable.exe
-
Size
465KB
-
MD5
b6b77d0798d39d7fadd69784c4e47c30
-
SHA1
967af699bd9e0f2f20b0743323e5cdd6c3767ea2
-
SHA256
e5c9880090d757207a5cd373f5e1d20c42d7486c742b3a30a2ee741a7aef5ef8
-
SHA512
5140dcebbeb53c8e74364de824d78d6c5fddcfa08f0ac38ff0d898e71bf4f8630f3b529571a7f64be00981e83af7f85a9b6665aedfaf7f0720995fae8a8e28d6
-
SSDEEP
12288:MXUNgkAIMflOWTUpGY5ObqRKd6G2nHVxxd/2KO:QUNdJMNOWTUQveYd6fHnxsKO
Score3/10 -