General

  • Target

    BlazeV2BootStrapper.exe

  • Size

    7.3MB

  • Sample

    240603-h67jnafh81

  • MD5

    9a859e739f86b47b93532d02cbb4551e

  • SHA1

    b2e90b8a3e46d09b9039cb44556cd09c078cee1a

  • SHA256

    84bd146db45823ad4a6456646be46f0d34f3fce38c3ebdcc147b4442832136c2

  • SHA512

    b7bd86caa0e9562d6ef23c77168b5aa3b18e019a28ca47b713af2bf3e23cb69ac70e01642cab46e96642cc3a76cf8bce2baf61c6b7a2e493c6287886c9eb7704

  • SSDEEP

    196608:XrsxYS6MOshoKMuIkhVastRL5Di3uh1D7Jm:iYSJOshouIkPftRL54YRJm

Malware Config

Targets

    • Target

      BlazeV2BootStrapper.exe

    • Size

      7.3MB

    • MD5

      9a859e739f86b47b93532d02cbb4551e

    • SHA1

      b2e90b8a3e46d09b9039cb44556cd09c078cee1a

    • SHA256

      84bd146db45823ad4a6456646be46f0d34f3fce38c3ebdcc147b4442832136c2

    • SHA512

      b7bd86caa0e9562d6ef23c77168b5aa3b18e019a28ca47b713af2bf3e23cb69ac70e01642cab46e96642cc3a76cf8bce2baf61c6b7a2e493c6287886c9eb7704

    • SSDEEP

      196608:XrsxYS6MOshoKMuIkhVastRL5Di3uh1D7Jm:iYSJOshouIkPftRL54YRJm

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks