General

  • Target

    Blitz-2.1.130.exe

  • Size

    94.9MB

  • Sample

    240220-bfvc3sgd7x

  • MD5

    2e52c8f6d3e544ee32c3bb55e434dde0

  • SHA1

    0e25ff17410670115032571a9e9c4aaf28421cc4

  • SHA256

    177eb704df67eb4982a6f125fb2b57342e80db27f9bfeea8ff76d8e8ef318801

  • SHA512

    1830d86b27b5a5fc71ee0fc86a09848074d80bfd1707f2c7833c6e27a5084f7f12ac904e761e649a0fd306d9db4f268c47a23473dbbc328ca9fcebc04e993f6b

  • SSDEEP

    1572864:57hgLRJkN3wU6MMljj3DuozU6TZG+gLfxL6N7m0rZgL6I2CCQ55/33du:59SJkSU6n7DbzRZG+Afxi7H186ahNu

Targets

    • Target

      Blitz-2.1.130.exe

    • Adds Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $PLUGINSDIR/SpiderBanner.dll

    • Size

      9KB

    • MD5

      17309e33b596ba3a5693b4d3e85cf8d7

    • SHA1

      7d361836cf53df42021c7f2b148aec9458818c01

    • SHA256

      996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

    • SHA512

      1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

    • SSDEEP

      192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY

    Score
    1/10
    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    • Target

      resources/binaries/PinManager.exe

    • Size

      41KB

    • MD5

      349c62c8e1c39de20ba24badd6d849aa

    • SHA1

      574030f3177c0663bdda7ac0f4a33dc437a7c801

    • SHA256

      13afc0e1cb2a24d2fb506ca9e5fa7ab8dff74029f30346611c11040e74373b64

    • SHA512

      a94dfdc7acf37bf3532e25cb06d15363c78c3ad8d7f21571f6d82ce440f14c400b98a409a55e3382672608f8ffe4a39a9a98a3e8444c86193609bbf99710c339

    • SSDEEP

      768:JDDEJIInXi0jgKDUQj0yYokeqFNGaiYijI3AMxkEdo:t2MKDfdLkTNG778xRo

    Score
    1/10
    • Target

      resources/binaries/apex-internal.dll

    • Size

      3.4MB

    • MD5

      8d450b22c2ad0c9a80da223dd91121c4

    • SHA1

      b628576d24864d5c8173b273135014e22a1d80e2

    • SHA256

      dd70c29c44c8759e05f90b9f3836eaef86afb2a484c572b586f982810ab4931b

    • SHA512

      3eed8b5e4230b1391884a1dcf85e74e49af84c7c04adbe72148a31e396504317120cd5bf914b233975a9e3d87140270b7d771e5c936ec1a17ce6e2375468cf04

    • SSDEEP

      49152:5SCUu4hXFAzTwZeKzUCa13eSfvMnmjWWMDP2OQyXmkTiZGY:5SS9EXa13NW2WXmkTWGY

    Score
    1/10
    • Target

      resources/binaries/blitz-csgo-external.exe

    • Size

      3.2MB

    • MD5

      e5a69f6a21d6b9b04a7dc5821165e22a

    • SHA1

      051812435d93ca86fc5bc3982b451282a31f5fda

    • SHA256

      23f099e9437c9c869b6752ecea9989ce3f4564caa4d056d45514d14b4716c09a

    • SHA512

      03bfceddf9909b32a209ca4dca929ef18a75503d39d6972778d7a30e09ff66b59d57c348ddcfc51681ffc436b8aacf260b3b33e6946d1d27ca03db28d71f0508

    • SSDEEP

      49152:k6duFzyjRmXnyJMlpul+PTavnnTEOFP2OQyXmkTiZGC:x2C+PTm2WXmkTWGC

    Score
    1/10
    • Target

      resources/binaries/blitz-overlay.dll

    • Size

      3.7MB

    • MD5

      bb537b580e1753d0a0490afc38a56bd5

    • SHA1

      141499e874250027e94d5e280652b34bac75172e

    • SHA256

      1d3583315cdd6270eed99b468b9a92a44ee6897870b6b200b1af9e2f5c0fc068

    • SHA512

      ab6a3a266220f4bfd4f60966b71cd85b1afcf3236c3ec007a647e9d2f5c486dc5084ab6071328dfce6486c7a0c9c31bad55488bf66fad96a1791777fd778c757

    • SSDEEP

      49152:spA9xvXm2lePxGAHNMC9xdI6PYvsn5Nx0WIzyNk8P2OQyXmkTiZGy:KAhaFxa2x0uNV2WXmkTWGy

    Score
    1/10
    • Target

      resources/binaries/blitz-update-digicert.exe

    • Size

      244KB

    • MD5

      229d244a355b1fc32f569090c34f8360

    • SHA1

      ebca3086116971daa70ac0ee7b67bdd66ecb709f

    • SHA256

      1fba3e3c5ca0d9dc583dd39f34f75cb2475e0d36c01a2902d9a4bcf01d5febb8

    • SHA512

      0d31189fece5c253cf384997691bf92349703fe19f70a40ff979fbcfc324c38794589b0751133b2094523b31fb22fb77d655f781078a6148e37dfee5fcc41fb6

    • SSDEEP

      3072:PtnPNplJbuaVyB2Z4WmNXKPt+fHIZOvlPZ+7hF7evE+guL0P3YNHv2sJ/Qh6/8oS:FlMwycZ4xNEt+v0OvlWg8+8Pa+vN

    Score
    1/10
    • Target

      resources/binaries/blitz_core.node

    • Size

      903KB

    • MD5

      c9651ddef81a013408e6c6b0905f8e1d

    • SHA1

      21d5f09adbf87c85b702edfea7f85440377fa925

    • SHA256

      87d1461a7842f3874b795286f521fda1e996840a5bcfb4dbb2941ebb745bd6ff

    • SHA512

      fe2e900cb150b7f6a161f24861fb2f45a141780a729b717ed8f27daba8458dcfe824b75ab3c3348fd668eefc23b0652c6a5217c22e2e0037e3aef2d775453d5c

    • SSDEEP

      12288:JhnpLsA9P2VRmzKJkCQgEeThaJL9n4bpq1nUMgQYVME05KsZQriV5Zwrzl0GFy0P:bnpLsAgwbuzrp0GM1GTxD1R030

    Score
    1/10
    • Target

      resources/binaries/blitz_fortnite.dll

    • Size

      3.6MB

    • MD5

      36fff46b4bb4d4da458b679ac796a22f

    • SHA1

      5595216100053e5741f0dc87307583c65c430691

    • SHA256

      487ff9af9805924e1cb6b5721547adb4c9fa9149339af3c76db3e3870cd2381c

    • SHA512

      060bfe409b390aa8fda1d2278bf51a5623e6976b39dbb51acba8f7f631d4fcbe54345e6b71980a550f54af1df0220512756d54a5068187c7d3511e0ec7d0fc12

    • SSDEEP

      49152:mKcX5Z15fNpr0W+by0k1CWCNTOxFv8PMjy/UvYna3rB+P2OQyXmkTiZG8:hWqyOoY0jyu02WXmkTWG8

    Score
    1/10
    • Target

      resources/binaries/blitz_palworld.dll

    • Size

      8.3MB

    • MD5

      05d71b0c4e46f640c49a0f88da7dd760

    • SHA1

      b8b8ae8f939138ae33ed5083df42effda87a4f85

    • SHA256

      9c3a7269cc1ac926c50e6923d5c7568a8258efdb4b680afc13191fd0d634ec19

    • SHA512

      40a8efcd5866d332dd5f3788021c7b2940296a46e73a37a22d166faefdc4869fb523feebf048c73b0e3b29d770ea582b9cd661b1f3af81e547275db40f79335b

    • SSDEEP

      196608:l3YwQG/U47chg7xgexpmSm413sBm93/c2xGn:lKG/U4v6Sm413s493/hGn

    Score
    1/10
    • Target

      resources/binaries/csgo-demo-parser.exe

    • Size

      13.1MB

    • MD5

      6dbcab5de2c7b749f600ccb2586efdf0

    • SHA1

      d17177b472aa84b0f7b384c32e376e002508b66b

    • SHA256

      21747e836936c2cfa58c5f79aaab47fe7d7b3d3917a2effc18e58bfc454ca5ef

    • SHA512

      77a361ba19f258e32a1b9d38f0fd93c7b18026331fbea83ed13a4dae241b08980efa87ceda0bf03b457fb0643d40d68552860335d3f36b16bdde8b5d18be9b8b

    • SSDEEP

      196608:Fpsg3aIDKbfMk7idDwREbZL6UrBbvb5OgUMnY60G8Jag4:Eg3aIDKbfMk7idDwRiZeUrtbqdO

    Score
    1/10
    • Target

      resources/binaries/index.node

    • Size

      3.0MB

    • MD5

      73039ad2733a51291107af7597d6b690

    • SHA1

      f4528cef20e32dce686b7d62bbcce149f8f278c4

    • SHA256

      7ad5d3556e8be648b4935fbb2857fbecf96c83ded89010753663c08b9f536489

    • SHA512

      e3ee8e58d5eabcd8b291ff97a472e730711b4bc0c69b291dbee249d6c9951b808d67d59c2f2ff560064c0ca83d9fcf47deb227c6e0126830b314993b60a9ce37

    • SSDEEP

      49152:Enl2ywXj6yiRhYtSMNSVEXDZBSf4dUWC5P/y3n0XgWQjIJ4Ps:Ev0fy35Qn0XgWF4Ps

    Score
    1/10
    • Target

      resources/binaries/safe_x64_injector.exe

    • Size

      318KB

    • MD5

      8b166b9e9d688b99688d54b36c7c091b

    • SHA1

      ab879e23a40b07ea56d3743be8f5c6a668e8c31e

    • SHA256

      cca7277f73a64df6c934144474260cefa4ceb89b135e23dfc5adc21efefa143c

    • SHA512

      ae427bdd48c45f261dcf98b3db32eb3fe633546d1d39929c35f00a590977c5fc0925f0db2ae77f06da0d041832c50462999b7ac59ee894cc347ef736c428d625

    • SSDEEP

      6144:pL0Qeikcy73FJ/4La85Y8W+gyFf++2RzXGfohtkMK6:h9kcy7P/4LakYMRf+CfooMr

    Score
    1/10

Tasks

static1

Score
3/10

behavioral1

discovery
Score
4/10

behavioral2

discovery, persistence
Score
6/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10