177eb704df67eb4982a6f125fb2b57342e80db27f9bfeea8ff76d8e8ef318801

Sharing

Copy URL

Twitter E-mail

General

Target

Blitz-2.1.130.exe
Size

94.9MB
Sample

240220-bfvc3sgd7x
MD5

2e52c8f6d3e544ee32c3bb55e434dde0
SHA1

0e25ff17410670115032571a9e9c4aaf28421cc4
SHA256

177eb704df67eb4982a6f125fb2b57342e80db27f9bfeea8ff76d8e8ef318801
SHA512

1830d86b27b5a5fc71ee0fc86a09848074d80bfd1707f2c7833c6e27a5084f7f12ac904e761e649a0fd306d9db4f268c47a23473dbbc328ca9fcebc04e993f6b
SSDEEP

1572864:57hgLRJkN3wU6MMljj3DuozU6TZG+gLfxL6N7m0rZgL6I2CCQ55/33du:59SJkSU6n7DbzRZG+Afxi7H186ahNu

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  Blitz-2.1.130.exe
- Size
  
  94.9MB
- MD5
  
  2e52c8f6d3e544ee32c3bb55e434dde0
- SHA1
  
  0e25ff17410670115032571a9e9c4aaf28421cc4
- SHA256
  
  177eb704df67eb4982a6f125fb2b57342e80db27f9bfeea8ff76d8e8ef318801
- SHA512
  
  1830d86b27b5a5fc71ee0fc86a09848074d80bfd1707f2c7833c6e27a5084f7f12ac904e761e649a0fd306d9db4f268c47a23473dbbc328ca9fcebc04e993f6b
- SSDEEP
  
  1572864:57hgLRJkN3wU6MMljj3DuozU6TZG+gLfxL6N7m0rZgL6I2CCQ55/33du:59SJkSU6n7DbzRZG+Afxi7H186ahNu
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral10 behavioral9
- Target
  
  resources/binaries/PinManager.exe
- Size
  
  41KB
- MD5
  
  349c62c8e1c39de20ba24badd6d849aa
- SHA1
  
  574030f3177c0663bdda7ac0f4a33dc437a7c801
- SHA256
  
  13afc0e1cb2a24d2fb506ca9e5fa7ab8dff74029f30346611c11040e74373b64
- SHA512
  
  a94dfdc7acf37bf3532e25cb06d15363c78c3ad8d7f21571f6d82ce440f14c400b98a409a55e3382672608f8ffe4a39a9a98a3e8444c86193609bbf99710c339
- SSDEEP
  
  768:JDDEJIInXi0jgKDUQj0yYokeqFNGaiYijI3AMxkEdo:t2MKDfdLkTNG778xRo
Score

1^/10
behavioral11 behavioral12
- Target
  
  resources/binaries/apex-internal.dll
- Size
  
  3.4MB
- MD5
  
  8d450b22c2ad0c9a80da223dd91121c4
- SHA1
  
  b628576d24864d5c8173b273135014e22a1d80e2
- SHA256
  
  dd70c29c44c8759e05f90b9f3836eaef86afb2a484c572b586f982810ab4931b
- SHA512
  
  3eed8b5e4230b1391884a1dcf85e74e49af84c7c04adbe72148a31e396504317120cd5bf914b233975a9e3d87140270b7d771e5c936ec1a17ce6e2375468cf04
- SSDEEP
  
  49152:5SCUu4hXFAzTwZeKzUCa13eSfvMnmjWWMDP2OQyXmkTiZGY:5SS9EXa13NW2WXmkTWGY
Score

1^/10
behavioral13 behavioral14
- Target
  
  resources/binaries/blitz-csgo-external.exe
- Size
  
  3.2MB
- MD5
  
  e5a69f6a21d6b9b04a7dc5821165e22a
- SHA1
  
  051812435d93ca86fc5bc3982b451282a31f5fda
- SHA256
  
  23f099e9437c9c869b6752ecea9989ce3f4564caa4d056d45514d14b4716c09a
- SHA512
  
  03bfceddf9909b32a209ca4dca929ef18a75503d39d6972778d7a30e09ff66b59d57c348ddcfc51681ffc436b8aacf260b3b33e6946d1d27ca03db28d71f0508
- SSDEEP
  
  49152:k6duFzyjRmXnyJMlpul+PTavnnTEOFP2OQyXmkTiZGC:x2C+PTm2WXmkTWGC
Score

1^/10
behavioral15 behavioral16
- Target
  
  resources/binaries/blitz-overlay.dll
- Size
  
  3.7MB
- MD5
  
  bb537b580e1753d0a0490afc38a56bd5
- SHA1
  
  141499e874250027e94d5e280652b34bac75172e
- SHA256
  
  1d3583315cdd6270eed99b468b9a92a44ee6897870b6b200b1af9e2f5c0fc068
- SHA512
  
  ab6a3a266220f4bfd4f60966b71cd85b1afcf3236c3ec007a647e9d2f5c486dc5084ab6071328dfce6486c7a0c9c31bad55488bf66fad96a1791777fd778c757
- SSDEEP
  
  49152:spA9xvXm2lePxGAHNMC9xdI6PYvsn5Nx0WIzyNk8P2OQyXmkTiZGy:KAhaFxa2x0uNV2WXmkTWGy
Score

1^/10
behavioral17 behavioral18
- Target
  
  resources/binaries/blitz-update-digicert.exe
- Size
  
  244KB
- MD5
  
  229d244a355b1fc32f569090c34f8360
- SHA1
  
  ebca3086116971daa70ac0ee7b67bdd66ecb709f
- SHA256
  
  1fba3e3c5ca0d9dc583dd39f34f75cb2475e0d36c01a2902d9a4bcf01d5febb8
- SHA512
  
  0d31189fece5c253cf384997691bf92349703fe19f70a40ff979fbcfc324c38794589b0751133b2094523b31fb22fb77d655f781078a6148e37dfee5fcc41fb6
- SSDEEP
  
  3072:PtnPNplJbuaVyB2Z4WmNXKPt+fHIZOvlPZ+7hF7evE+guL0P3YNHv2sJ/Qh6/8oS:FlMwycZ4xNEt+v0OvlWg8+8Pa+vN
Score

1^/10
behavioral19 behavioral20
- Target
  
  resources/binaries/blitz_core.node
- Size
  
  903KB
- MD5
  
  c9651ddef81a013408e6c6b0905f8e1d
- SHA1
  
  21d5f09adbf87c85b702edfea7f85440377fa925
- SHA256
  
  87d1461a7842f3874b795286f521fda1e996840a5bcfb4dbb2941ebb745bd6ff
- SHA512
  
  fe2e900cb150b7f6a161f24861fb2f45a141780a729b717ed8f27daba8458dcfe824b75ab3c3348fd668eefc23b0652c6a5217c22e2e0037e3aef2d775453d5c
- SSDEEP
  
  12288:JhnpLsA9P2VRmzKJkCQgEeThaJL9n4bpq1nUMgQYVME05KsZQriV5Zwrzl0GFy0P:bnpLsAgwbuzrp0GM1GTxD1R030
Score

1^/10
behavioral21 behavioral22
- Target
  
  resources/binaries/blitz_fortnite.dll
- Size
  
  3.6MB
- MD5
  
  36fff46b4bb4d4da458b679ac796a22f
- SHA1
  
  5595216100053e5741f0dc87307583c65c430691
- SHA256
  
  487ff9af9805924e1cb6b5721547adb4c9fa9149339af3c76db3e3870cd2381c
- SHA512
  
  060bfe409b390aa8fda1d2278bf51a5623e6976b39dbb51acba8f7f631d4fcbe54345e6b71980a550f54af1df0220512756d54a5068187c7d3511e0ec7d0fc12
- SSDEEP
  
  49152:mKcX5Z15fNpr0W+by0k1CWCNTOxFv8PMjy/UvYna3rB+P2OQyXmkTiZG8:hWqyOoY0jyu02WXmkTWG8
Score

1^/10
behavioral23 behavioral24
- Target
  
  resources/binaries/blitz_palworld.dll
- Size
  
  8.3MB
- MD5
  
  05d71b0c4e46f640c49a0f88da7dd760
- SHA1
  
  b8b8ae8f939138ae33ed5083df42effda87a4f85
- SHA256
  
  9c3a7269cc1ac926c50e6923d5c7568a8258efdb4b680afc13191fd0d634ec19
- SHA512
  
  40a8efcd5866d332dd5f3788021c7b2940296a46e73a37a22d166faefdc4869fb523feebf048c73b0e3b29d770ea582b9cd661b1f3af81e547275db40f79335b
- SSDEEP
  
  196608:l3YwQG/U47chg7xgexpmSm413sBm93/c2xGn:lKG/U4v6Sm413s493/hGn
Score

1^/10
behavioral25 behavioral26
- Target
  
  resources/binaries/csgo-demo-parser.exe
- Size
  
  13.1MB
- MD5
  
  6dbcab5de2c7b749f600ccb2586efdf0
- SHA1
  
  d17177b472aa84b0f7b384c32e376e002508b66b
- SHA256
  
  21747e836936c2cfa58c5f79aaab47fe7d7b3d3917a2effc18e58bfc454ca5ef
- SHA512
  
  77a361ba19f258e32a1b9d38f0fd93c7b18026331fbea83ed13a4dae241b08980efa87ceda0bf03b457fb0643d40d68552860335d3f36b16bdde8b5d18be9b8b
- SSDEEP
  
  196608:Fpsg3aIDKbfMk7idDwREbZL6UrBbvb5OgUMnY60G8Jag4:Eg3aIDKbfMk7idDwRiZeUrtbqdO
Score

1^/10
behavioral27 behavioral28
- Target
  
  resources/binaries/index.node
- Size
  
  3.0MB
- MD5
  
  73039ad2733a51291107af7597d6b690
- SHA1
  
  f4528cef20e32dce686b7d62bbcce149f8f278c4
- SHA256
  
  7ad5d3556e8be648b4935fbb2857fbecf96c83ded89010753663c08b9f536489
- SHA512
  
  e3ee8e58d5eabcd8b291ff97a472e730711b4bc0c69b291dbee249d6c9951b808d67d59c2f2ff560064c0ca83d9fcf47deb227c6e0126830b314993b60a9ce37
- SSDEEP
  
  49152:Enl2ywXj6yiRhYtSMNSVEXDZBSf4dUWC5P/y3n0XgWQjIJ4Ps:Ev0fy35Qn0XgWF4Ps
Score

1^/10
behavioral29 behavioral30
- Target
  
  resources/binaries/safe_x64_injector.exe
- Size
  
  318KB
- MD5
  
  8b166b9e9d688b99688d54b36c7c091b
- SHA1
  
  ab879e23a40b07ea56d3743be8f5c6a668e8c31e
- SHA256
  
  cca7277f73a64df6c934144474260cefa4ceb89b135e23dfc5adc21efefa143c
- SHA512
  
  ae427bdd48c45f261dcf98b3db32eb3fe633546d1d39929c35f00a590977c5fc0925f0db2ae77f06da0d041832c50462999b7ac59ee894cc347ef736c428d625
- SSDEEP
  
  6144:pL0Qeikcy73FJ/4La85Y8W+gyFf++2RzXGfohtkMK6:h9kcy7P/4LakYMRf+CfooMr
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds Run key to start application

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32