General

  • Target: bloxstrap.2.5.4.exe

  • Size: 28.7MB

  • Sample: 240511-gl67qaha7y

  • MD5: bc5ff1a863da76926990f8beda698061

  • SHA1: 98efd508b24a0a2a815c21a1d89ca4106aa65691

  • SHA256: 455b199db8374d6299e64c67d27f2658a05123b1db935f689310c33e4ac43657

  • SHA512: 9d419b88033226ef4ec1e620d56eba2b5a79d77d5f98a7b1d577ff9f95bc836efd7ce6a544ff5be6dd9dca19c6df7889549ef970bc935bc6028a7812599dd3c0

  • SSDEEP: 393216:oUjvw0yFnjtI8Y3+qvzr0yDRp9Yy/iHys0mN+Kur+RFRd2khijtfEOyBXQdzNuSB:oq3+qzYoRrqSBaC24Mi5E80SB

Malware Config

Targets

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks