Overview

overview

10

Static

static

10

BLITZ/Executor.exe

windows10-2004-x64

9

BLITZ/Executor.exe

windows11-21h2-x64

9

BLITZ/Loader.exe

windows10-2004-x64

9

BLITZ/Loader.exe

windows11-21h2-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Blitz_Executor.rar

  • Size

    146.8MB

  • Sample

    240424-n1qlvahe67

  • MD5

    d4472b069eec73efa017a4be46bffe75

  • SHA1

    29c4c4cd3ef043bab6ba7294a8c158d4da47f096

  • SHA256

    2cc6f2e315a3bc5ebd132428f06ac1f7f875e92b8718e0985d2ab3c3059d90b9

  • SHA512

    f549554e70db3625137dcf4f77bb92fc987df7988d7d9712ef177338a6ed0582a5d54edc900e91d9cf185877b0b975684bd97ab7a6b043f88042ca7bba373990

  • SSDEEP

    3145728:TNEGM8dDIrYiPuCTVWSsoNrLNEGM8dDIrYiPuCTVWSsoNri:T6GAYiZWWpL6GAYiZWWpi

Score
10/10
pysilonevasionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      BLITZ/Executor.exe

    • Size

      76.4MB

    • MD5

      ee7775f904cd7772316025a9cdb326c0

    • SHA1

      c727f8b91660a01e17e4e60d0a9885995eb9eb0b

    • SHA256

      7b062e10124eb48b105d7d98be514e414121e2b7e071b5e2b896b6ceef62445d

    • SHA512

      f97fb351484908eb610a969fe095ddcb23317a3f15c19a661ef937c0ce4538ee5b243252951d0497fe70ff5adbeb86d639a91e1e99fd008b6d720445c0622da8

    • SSDEEP

      1572864:bviEZjTAWSk8IpG7V+VPhqQdSsE7mjxziYweyJulZUdgl0WVsjYm11qZ9U3:bvZZgWSkB05awkSwtspuB0cQc9U

    Score
    9/10
    evasionpersistenceupx

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      BLITZ/Loader.exe

    • Size

      76.4MB

    • MD5

      ee7775f904cd7772316025a9cdb326c0

    • SHA1

      c727f8b91660a01e17e4e60d0a9885995eb9eb0b

    • SHA256

      7b062e10124eb48b105d7d98be514e414121e2b7e071b5e2b896b6ceef62445d

    • SHA512

      f97fb351484908eb610a969fe095ddcb23317a3f15c19a661ef937c0ce4538ee5b243252951d0497fe70ff5adbeb86d639a91e1e99fd008b6d720445c0622da8

    • SSDEEP

      1572864:bviEZjTAWSk8IpG7V+VPhqQdSsE7mjxziYweyJulZUdgl0WVsjYm11qZ9U3:bvZZgWSkB05awkSwtspuB0cQc9U

    Score
    9/10
    evasionpersistenceupx

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks