growtopia | 5a52085a5f8f591347e11bc4c9246887ebe5dcde0209edc7016e3d6000f1defa | Triage

Submit
Reports

Overview

overview

Static

static

3

BlitzWare_...re.exe

windows7-x64

BlitzWare_...re.exe

windows10-2004-x64

1

Sharing

General

Target

BlitzWare_Fortnite_Menu.zip
Size

11.6MB
Sample

240204-c3yvfsfdg2
MD5

3aff50de39675f2d8e5f47ca1f467e00
SHA1

f2ceb18d59b1f71175c93f880db2e4748c1b6f09
SHA256

5a52085a5f8f591347e11bc4c9246887ebe5dcde0209edc7016e3d6000f1defa
SHA512

0d67de715e17c777b8d129f14ade87094cdc0872e9f022e7097b973d108c0ee4ab43a0aa26b5c363add53dc23e0f0e3bde6f4f907324c6180475b09dee3a5945
SSDEEP

196608:45Wbi6lFv7YDR1TDfoSeYaAZ9gL/zhgCkr3tXqeMi4AbfUWgFVZ5:4Ai6TUDR1Wvh2r3tXquvbfGFVZ5

Score

10^/10

growtopia xmrig zgrat evasion miner persistence pyinstaller rat stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BlitzWare_Fortnite_Menu/BlitzWare.exe

Resource

win7-20231129-en

growtopia xmrig zgrat evasion miner persistence pyinstaller rat stealer upx

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

BlitzWare_Fortnite_Menu/BlitzWare.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Extracted

Family

growtopia

C2

https://discord.com/api/webhooks/1199763266872803338/8vedcXoMcyExhe1xhBm5f8ncmafWmOB3pkulE0l8g9Pel0t3ziyr2V51cLTVEjYsE4Rj

Targets

- Target
  
  BlitzWare_Fortnite_Menu/BlitzWare.exe
- Size
  
  12.8MB
- MD5
  
  3b4a760c064fa2e6f5b05c9da03333c6
- SHA1
  
  8053af5d5858430a3b6f28ad3c8c5be47932dd5d
- SHA256
  
  bc2d16deb9222945b10f9511c777d7125042d31d748a0f42affc8a659f2dac79
- SHA512
  
  54399f1198a15e52d04d0d8a0f59ccfeec067ccf331393a1311bb81b6f034449c42ec02fe3811f827847b93916a2264408035c49946e598368bb9a9278cdba0a
- SSDEEP
  
  196608:Ob5hSxqJAcXCMEKngteZX07mvbSHL8D++wsmReLZijeBCMcwJADXbsdMN2LId+3B:Obmq7yMERtD2bysmMijstOX422cdK
Score

10^/10

growtopia xmrig zgrat evasion miner persistence pyinstaller rat stealer upx
- Detect ZGRat V1
- Growtopia
  Growtopa is an opensource modular stealer written in C#.
  stealer growtopia
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

growtopiaxmrigzgratevasionminerpersistencepyinstallerratstealerupx

behavioral2

© 2018-2024

Terms | Privacy