General

  • Target

    BlitzedGrabberV12.rar

  • Size

    4.9MB

  • Sample

    230401-2graxsdb43

  • MD5

    a6415290a380a738397747b22da4e567

  • SHA1

    46d8179f2172231c16e10e8ab9c8ff2e010617b3

  • SHA256

    fa71b763a6999f02809003fd0fb3cd2bb908c1829effe7dea9011d144acaae90

  • SHA512

    9a859ab9a5a97a98eb62e5b8e526b4c98d05f54adc7aa0b1a82faada89e0e7f218e6aa49f8e0e50cc663f3400b694fefe24e9ad590462f64fdb96147029a8af0

  • SSDEEP

    98304:5gjqpma+AcLM3QLJf5JnYAV5fdBgn3bk9zhuKBSwTsZXcY:Nb+AcLHL5nYAjzgLk9zhuuSwTsZsY

Score
10/10

Malware Config

Targets

    • Target

      BlitzedGrabberV12/BlitzedGrabberV12.exe

    • Size

      4.0MB

    • MD5

      856b9c1e5a8950bcf2bfe827fe80a1e6

    • SHA1

      bc0eaad77dba05eed87a6119463e181fa383a3c3

    • SHA256

      58a728dd2cacc59990885146dd0e26007c246e12f18692a54a3ce6baef884543

    • SHA512

      5c041666c430d669aa73b197a2638f99f8ac21d2f0ecb99bf853c7cf914f7a8d1bb7a4e0bed5e0eb2da5a070036758400b11675186d6543d9c491466318e514e

    • SSDEEP

      98304:zxpgcq4cxX/JsNpnm6h200FmFj/r49wi73fW:zrnN9fh200gl/E/jf

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • Target

      BlitzedGrabberV12/BlitzedGrabberV12.exe.Config

    • Size

      199B

    • MD5

      02bafe634a181de6af59ecfb1a9a7230

    • SHA1

      5fb944dc91a95007795d83f2037cfe42f0d959f0

    • SHA256

      6288699c8a0e00de7329c8f642bc22e6d7ed873f1decd32f05231cf69cac4470

    • SHA512

      3e4dc4ae10bf527b98608883638356a84aa9652707276981458b0d9c58f000b290f24b4fbd1794ef02484ccf5ff43d5b55ab7161f5c9f408f68f7caa0676b362

    Score
    1/10

    • Target

      BlitzedGrabberV12/Resources/APIFOR.DLL

    • Size

      13KB

    • MD5

      91b4d211faddb0ebc64fb000d75d96c1

    • SHA1

      ba496c122f8e562ff0a4fb272a68f0b9e7bf0a3c

    • SHA256

      e47ab6fb21bd8943f63d79387533abac0c2bd98245546df44c4f333d8013c4de

    • SHA512

      3f16b0b4618d446d0e42ed2063c611b4ffa72a5b0ff438df5286a216167881737e65d494aa12186e511690eaca2f51c00889c9eae5ab6392c1edf885e5592919

    • SSDEEP

      192:NVjzYtxJYPX7OdfdnHpZt8kit/2Y3ciPYEC3qHa:NVgbkXK5NHpZikit/NYE4qHa

    Score
    1/10

    • Target

      BlitzedGrabberV12/Resources/BouncyCastle.Crypto.dll

    • Size

      2.5MB

    • MD5

      3551343fab213740bbb022e3a6dcf27b

    • SHA1

      de67fb4f9d58db4a860a703c8d1f54ff00ff9b1f

    • SHA256

      5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6

    • SHA512

      e90f51053e1d4b0ea1f7458229de92174abf0781c766290da4de5cc8dfcfb730998252bf28b36ca5070978fdcea8b97f0aea6a47b875dd34173643ac0cb46c42

    • SSDEEP

      49152:3CTzhVM0AU5d3UOhq8hmReOUJfd5T3D+VTQlgQeCKbu9kQLO0:GwU5d3vhzhmoOmfd5rqX0

    Score
    1/10

    • Target

      BlitzedGrabberV12/Resources/Newtonsoft.Json.dll

    • Size

      492KB

    • MD5

      5e02ddaf3b02e43e532fc6a52b04d14b

    • SHA1

      67f0bd5cfa3824860626b6b3fff37dc89e305cec

    • SHA256

      78bedd9fce877a71a8d8ff9a813662d8248361e46705c4ef7afc61d440ff2eeb

    • SHA512

      38720cacbb169dfc448deef86af973eafefa19eaeb48c55c58091c9d6a8b12a1f90148c287faaaa01326ec47143969ad1b54ee2b81018e1de0b83350dc418d1c

    • SSDEEP

      12288:axrplPT3qwNBC3wl1zVh0Yg0pJy/qleTpfZLQ0so/VHjh:a1plPGwNBC3UOwVeLQ0so/VH

    Score
    1/10

    • Target

      BlitzedGrabberV12/Resources/UltraEmbeddable.exe

    • Size

      465KB

    • MD5

      b6b77d0798d39d7fadd69784c4e47c30

    • SHA1

      967af699bd9e0f2f20b0743323e5cdd6c3767ea2

    • SHA256

      e5c9880090d757207a5cd373f5e1d20c42d7486c742b3a30a2ee741a7aef5ef8

    • SHA512

      5140dcebbeb53c8e74364de824d78d6c5fddcfa08f0ac38ff0d898e71bf4f8630f3b529571a7f64be00981e83af7f85a9b6665aedfaf7f0720995fae8a8e28d6

    • SSDEEP

      12288:MXUNgkAIMflOWTUpGY5ObqRKd6G2nHVxxd/2KO:QUNdJMNOWTUQveYd6fHnxsKO

    Score
    3/10
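
The "UPX packed file" and "Obfuscated with Agile.Net" findings above are static properties of BlitzedGrabberV12.exe. The script below is an added example, not the sandbox's own rule set and not code from the sample: it parses just enough of a PE image with the standard library to report stock UPX section names, a high-entropy section (what a "modified UPX" build with renamed sections looks like), and the presence of the CLR runtime header, which is the precondition for any .NET obfuscator such as Agile.Net to apply. The three PE images it runs on are constructed in `build_pe` and are hypothetical test inputs, not the files from this report.

```python
import math
import struct
from collections import Counter

# Section names that stock UPX writes; a modified UPX build often renames
# them, which is why raw-section entropy is checked as a fallback.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: about 8.0 for compressed/encrypted data, low for code or zeros."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data: bytes) -> dict:
    """Parse the PE headers needed for the packing and .NET heuristics (stdlib only)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    # NumberOfRvaAndSizes and the directory table sit at optional-header
    # offsets 92/96 (PE32) or 108/112 (PE32+); the CLR header is directory 14.
    num_dirs = struct.unpack_from("<I", data, opt + (108 if pe32plus else 92))[0]
    dirs = opt + (112 if pe32plus else 96)
    clr_rva = clr_size = 0
    if num_dirs > 14 and dirs + 15 * 8 <= opt + size_opt:
        clr_rva, clr_size = struct.unpack_from("<II", data, dirs + 14 * 8)
    sections = []
    table = opt + size_opt
    for i in range(num_sections):
        name, _vsize, _va, raw_size, raw_off = struct.unpack_from("<8sIIII", data, table + i * 40)
        raw = data[raw_off:raw_off + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0"), "entropy": shannon_entropy(raw)})
    return {"is_dotnet": clr_rva != 0 and clr_size != 0, "sections": sections}


def triage(data: bytes) -> list:
    """Return the findings, using the report's signature wording where it fits."""
    pe = parse_pe(data)
    names = {s["name"] for s in pe["sections"]}
    findings = []
    if names & UPX_SECTION_NAMES:
        findings.append("UPX packed file")
    elif any(s["entropy"] > 7.0 for s in pe["sections"]):
        findings.append("high-entropy section (possible packer with renamed sections)")
    if pe["is_dotnet"]:
        findings.append(".NET assembly (CLR header present)")
    return findings


def build_pe(section_names, dotnet: bool, payload: bytes = b"") -> bytes:
    """Construct a minimal PE32 image as test input (hypothetical, not a real sample)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    num, size_opt = len(section_names), 224
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)   # CLR runtime header directory
    raw_off = len(dos) + 4 + len(coff) + size_opt + 40 * num
    table = b""
    for i, name in enumerate(section_names):
        raw_size = len(payload) if i == num - 1 else 0            # payload lives in the last section
        table += struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1),
                             raw_size, raw_off if raw_size else 0, 0, 0, 0, 0, 0xE0000040)
    return dos + b"PE\0\0" + coff + bytes(opt) + table + payload


HIGH_ENTROPY = bytes(range(256)) * 16   # uniform byte histogram: exactly 8.0 bits/byte
LOW_ENTROPY = b"\x90" * 4096            # a single repeated byte: 0.0 bits/byte

UPX_SAMPLE = build_pe([b"UPX0", b"UPX1", b".rsrc"], dotnet=False, payload=HIGH_ENTROPY)
DOTNET_SAMPLE = build_pe([b".text", b".rsrc", b".reloc"], dotnet=True, payload=LOW_ENTROPY)
RENAMED_SAMPLE = build_pe([b".text", b".data"], dotnet=False, payload=HIGH_ENTROPY)

if __name__ == "__main__":
    for label, blob in ("upx", UPX_SAMPLE), ("dotnet", DOTNET_SAMPLE), ("renamed", RENAMED_SAMPLE):
        print(label, triage(blob))
```

On a real file, replace the constructed images with `triage(open(path, "rb").read())`; the entropy fallback is only a hint, since a large compressed resource in an unpacked .NET assembly will also score high.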

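The two dynamic signatures on BlitzedGrabberV12.exe, "Suspicious use of SetThreadContext" and "Suspicious use of NtCreateUserProcessOtherParentProcess", name API behaviour rather than file content. The detection logic below is an added example, not the sandbox's own rules: it runs over a constructed, hypothetical API-call trace (one event per line: caller pid, API name, key=value arguments; the field names are assumptions) and flags the two patterns those signature names describe: a child created suspended whose memory is written and whose thread context is replaced before it is resumed (process hollowing), and a process created with a parent other than the calling process.

```python
CREATE_SUSPENDED = 0x4

# Constructed sample trace; pids, paths and the line format are illustrative only.
TRACE = """\
1234 NtCreateUserProcess child=5678 parent=1234 flags=0x4 image=C:\\Windows\\System32\\svchost.exe
1234 WriteProcessMemory target=5678 size=0x3e000
1234 SetThreadContext target=5678
1234 ResumeThread target=5678
1234 NtCreateUserProcess child=9012 parent=4321 flags=0x0 image=C:\\Users\\x\\AppData\\Local\\Temp\\a.exe
4321 NtCreateUserProcess child=3456 parent=4321 flags=0x0 image=C:\\Windows\\System32\\cmd.exe
"""


def parse_trace(text: str) -> list:
    """Turn the trace into dicts: {'caller': int, 'api': str, <arg>: str, ...}."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        caller, api, *kv = line.split()
        args = dict(pair.split("=", 1) for pair in kv)
        events.append({"caller": int(caller), "api": api, **args})
    return events


def detect(events: list) -> list:
    """Return human-readable findings for hollowing and parent spoofing."""
    findings = []
    suspended = {}  # child pid -> progress through the hollowing chain
    for e in events:
        api, caller = e["api"], e["caller"]
        if api == "NtCreateUserProcess":
            child, parent = int(e["child"]), int(e["parent"])
            if parent != caller:
                findings.append(
                    f"other-parent-process: pid {caller} created {child} "
                    f"with parent {parent} ({e['image']})")
            if int(e["flags"], 16) & CREATE_SUSPENDED:
                suspended[child] = {"written": False, "context": False}
        elif api in ("WriteProcessMemory", "NtMapViewOfSection", "NtUnmapViewOfSection"):
            target = int(e["target"])
            if target in suspended:
                suspended[target]["written"] = True
        elif api == "SetThreadContext":
            target = int(e["target"])
            if target in suspended:
                suspended[target]["context"] = True
        elif api == "ResumeThread":
            state = suspended.pop(int(e["target"]), None)
            if state and state["written"] and state["context"]:
                findings.append(
                    f"process-hollowing: pid {caller} resumed {e['target']} after "
                    f"writing its memory and replacing its thread context")
    return findings


if __name__ == "__main__":
    for finding in detect(parse_trace(TRACE)):
        print(finding)
```

The chain is tracked per child pid so that an ordinary suspended launch that is resumed without a memory write or context change produces nothing; SetThreadContext on its own is legitimate (debuggers use it), which is why the rule requires the full sequence.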
MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                       ID      Count
  Defense Evasion    Modify Registry                 T1112   1
  Discovery          System Information Discovery    T1082   1
  Discovery          Query Registry                  T1012   1
