General

  • Target

    Blizzard Bruter1.exe

  • Size

    686KB

  • Sample

    240308-rs2wpahd27

  • MD5

    556c04ad6375170b8e82307fb635fa2c

  • SHA1

    ff79cfbd468abed9db06ebfebad7120b1c406a35

  • SHA256

    f09f408741cee91b8c28df7a4e1df7689e860e8151e55ba5e0323865e437eee0

  • SHA512

    beff790172747d4c2b05f2a31a6de8bb2271bcc8f7b04377848488aa0a27769eb01791ae6fe2b2575c6d40316b6cc67e48f0403df2c2bc451dab5af7f3d9aa6e

  • SSDEEP

    12288:RwAwAKXN3XL1/uOgieIo7FXr9KEvob1vbfPsGOG7P+KN5Lu4zvozF:RwAwbN3XL1/uOgieIRb1vb3sGO2u

Score
8/10

Malware Config

Targets

    • Target

      Blizzard Bruter1.exe

    • Size

      686KB

    • MD5

      556c04ad6375170b8e82307fb635fa2c

    • SHA1

      ff79cfbd468abed9db06ebfebad7120b1c406a35

    • SHA256

      f09f408741cee91b8c28df7a4e1df7689e860e8151e55ba5e0323865e437eee0

    • SHA512

      beff790172747d4c2b05f2a31a6de8bb2271bcc8f7b04377848488aa0a27769eb01791ae6fe2b2575c6d40316b6cc67e48f0403df2c2bc451dab5af7f3d9aa6e

    • SSDEEP

      12288:RwAwAKXN3XL1/uOgieIo7FXr9KEvob1vbfPsGOG7P+KN5Lu4zvozF:RwAwbN3XL1/uOgieIRb1vb3sGO2u

    Score
    8/10
    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks