General

  • Target: Bloxshade.zip

  • Size: 3.9MB

  • Sample: 240727-celvzssgkc

  • MD5: 068931213e7386d31e4477e7432f37c9

  • SHA1: 1f5cf480d9a9578418f590523228a7ec6272a12f

  • SHA256: 03539a59a60c0124a8bf28736ff945f96a5494d907b4bafa4edeca118410750e

  • SHA512: 93c63b658445348133adf2d8e7bdf280e8f881664ed73175ee7fb49e40dc28ac62990bcc7baad89e644f5fde95eb601bf0fb32f267c39b96e48dded654aecea7

  • SSDEEP: 98304:ZHRWtoWNo0bRZEhIj0DagrGGhCSFq1PUlwZEHGYMlfQ5:ZHRoi0bRiG0BaSFq1PUlQYMa5

Malware Config

Targets

    • Target: Setup - Bloxshade.exe

    • Size: 9.2MB

    • MD5: dfbe896ade6ae361efd045187b9ae9f3

    • SHA1: a5321f14809ddb9d2663685e63d4bfafb00a9f4a

    • SHA256: 4b78c95b9a8e9f7e0934cce997b176f85dcb4a662bf134bdb3ce89f3ae47288b

    • SHA512: ff66de45f95b3782df9c3471dd7a8cc1701d9e4de5d8a991e1d7503da15d8bae8322b131b7f8fe1455678a40759b17b1ee9f011629b074dca07b588f1817faa3

    • SSDEEP: 98304:soXaczi2BKW2oqTqYhLsj4xTdhblvVXn9SXm90hSJ:soX3bqTnLsj4xbbl9X9sg0hy

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Network Share Discovery

      Attempts to gather information on the host's network shares.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks