General
Target: BlitzedGrabberV12.bin.exe
Size: 2.1MB
Sample: 230724-ktwbzaca92
MD5: 57a38337a7bf9a0f40cc19b9106fb664
SHA1: 5c376c9e64137c175a1b3eb463d0a8d44557cfb2
SHA256: 7049513f0a55cdad1d145ba2c2f988ecf02767bd04b52cd443669e0776da997a
SHA512: 0f2015189b680ae2fecbf25ddd37a8d5ceea575187ee2ac672df7a5504afa44fb3b17e1cfc74f0c7ccf4c12fc9ffb2672ab3f7158ae8a65e2f5b925247c3ad1b
SSDEEP: 49152:TdmAznU4n9t2ELj18p4BDifoM83ig9Apl14yG9pn:TO49wi73fWchn

Behavioral task: behavioral1
Sample: BlitzedGrabberV12.bin.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: BlitzedGrabberV12.bin.exe
Resource: win10v2004-20230703-en

Malware Config
Extracted: xworm
C2: stores-anytime.at.ply.gg:36673
install_file: USB.exe

Targets
Target: BlitzedGrabberV12.bin.exe
Size: 2.1MB
MD5: 57a38337a7bf9a0f40cc19b9106fb664
SHA1: 5c376c9e64137c175a1b3eb463d0a8d44557cfb2
SHA256: 7049513f0a55cdad1d145ba2c2f988ecf02767bd04b52cd443669e0776da997a
SHA512: 0f2015189b680ae2fecbf25ddd37a8d5ceea575187ee2ac672df7a5504afa44fb3b17e1cfc74f0c7ccf4c12fc9ffb2672ab3f7158ae8a65e2f5b925247c3ad1b
SSDEEP: 49152:TdmAznU4n9t2ELj18p4BDifoM83ig9Apl14yG9pn:TO49wi73fWchn
Score: 10/10

Signatures
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.