General
-
Target
blitzed.exe
-
Size
34.0MB
-
Sample
230402-hlkt6agd7y
-
MD5
677514f05118d9b3cd0e0c4eb4f26087
-
SHA1
c3883d160a7ceca9d2d441c6720370d510ed5b43
-
SHA256
abeaa67ebce8e8b6d406834c8d016567e5d5bf4e1d2209a45a96c300828b8ef8
-
SHA512
cfda4d80b541de89046b2678ee52f2df8ef7a9308da8ea74a4d071f9f7e0f1bbba202210f84e74a5d6d4a1653b4bfa4ab2a2a12b093b591182c8746ba801bd00
-
SSDEEP
393216:kjfeZBR3LD34p21mu7L/FD/ftnSyY+k4tO2dQ2lN/m3pW+9J8eHzD8YVQJdGd8v:OoP3LEpOmCLtTtY4tndQGK19J8eHnKh
Behavioral task
behavioral1
Sample
blitzed.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
blitzed.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Target
blitzed.exe
-
Score
7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-