Overview

overview

7

Static

static

3

Bloxstrap-v2.5.4.exe

windows7-x64

1

Bloxstrap-v2.5.4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    27s
  • max time network
    29s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/05/2024, 09:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Bloxstrap-v2.5.4.exe

  • Size

    7.6MB

  • MD5

    dbb820772caf0003967ef0f269fbdeb1

  • SHA1

    31992bd4977a7dfeba67537a2da6c9ca64bc304c

  • SHA256

    b2ac1e407ed3ecd7c7faa6de929a68fb51145662cf793c40b69eb59295bba6bc

  • SHA512

    e8ac879c7198dffb78bc6ee4ad49b5de40a5a7dbbda53d427d0a034941487d13c8bb2b8d590a1fcdd81cd6abb8f21fdfcd52924eb00c45a42ee06c1e4b3d590f

  • SSDEEP

    98304:XNd5DSd5DxTsed5D2ZT00UuOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTl1:X+sdtObAbN0u

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe
    "C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.5.4.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4548

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-5e534e6db34e447e\content\configs\DateTimeLocaleConfigs\zh-hans.json
          Filesize

          2KB

          MD5

          fb6605abd624d1923aef5f2122b5ae58

          SHA1

          6e98c0a31fa39c781df33628b55568e095be7d71

          SHA256

          7b993133d329c46c0c437d985eead54432944d7b46db6ad6ea755505b8629d00

          SHA512

          97a14eda2010033265b379aa5553359293baf4988a4cdde8a40b0315e318a7b30feee7f5e14c68131e85610c00585d0c67e636999e3af9b5b2209e1a27a82223

          Download Submit

        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-5e534e6db34e447e\content\configs\DateTimeLocaleConfigs\zh-tw.json
          Filesize

          2KB

          MD5

          702c9879f2289959ceaa91d3045f28aa

          SHA1

          775072f139acc8eafb219af355f60b2f57094276

          SHA256

          a92a6988175f9c1d073e4b54bf6a31f9b5d3652eebdf6a351fb5e12bda76cbd5

          SHA512

          815a6bef134c0db7a5926f0cf4b3f7702d71b0b2f13eca9539cd2fc5a61eea81b1884e4c4bc0b3398880589bff809ac8d5df833e7e4aeda4a1244e9a875d1e97

          Download Submit

        • memory/4548-0-0x00007FF9A4D9B000-0x00007FF9A4D9C000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4548-194-0x00007FF9A4D9B000-0x00007FF9A4D9C000-memory.dmp

          Filesize

          4KB

          Download