General
- Target: Bloxshade.zip
- Size: 3.9MB
- Sample: 240727-celvzssgkc
- MD5: 068931213e7386d31e4477e7432f37c9
- SHA1: 1f5cf480d9a9578418f590523228a7ec6272a12f
- SHA256: 03539a59a60c0124a8bf28736ff945f96a5494d907b4bafa4edeca118410750e
- SHA512: 93c63b658445348133adf2d8e7bdf280e8f881664ed73175ee7fb49e40dc28ac62990bcc7baad89e644f5fde95eb601bf0fb32f267c39b96e48dded654aecea7
- SSDEEP: 98304:ZHRWtoWNo0bRZEhIj0DagrGGhCSFq1PUlwZEHGYMlfQ5:ZHRoi0bRiG0BaSFq1PUlQYMa5
Static task: static1
Behavioral task: behavioral1
- Sample: Setup - Bloxshade.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: Setup - Bloxshade.exe
- Resource: win10v2004-20240709-en
Malware Config
Targets
- Target: Setup - Bloxshade.exe
- Size: 9.2MB
- MD5: dfbe896ade6ae361efd045187b9ae9f3
- SHA1: a5321f14809ddb9d2663685e63d4bfafb00a9f4a
- SHA256: 4b78c95b9a8e9f7e0934cce997b176f85dcb4a662bf134bdb3ce89f3ae47288b
- SHA512: ff66de45f95b3782df9c3471dd7a8cc1701d9e4de5d8a991e1d7503da15d8bae8322b131b7f8fe1455678a40759b17b1ee9f011629b074dca07b588f1817faa3
- SSDEEP: 98304:soXaczi2BKW2oqTqYhLsj4xTdhblvVXn9SXm90hSJ:soX3bqTnLsj4xbbl9X9sg0hy
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution: 2
  - Component Object Model Hijacking: 1
  - Image File Execution Options Injection: 1
Privilege Escalation
- Event Triggered Execution: 2
  - Component Object Model Hijacking: 1
  - Image File Execution Options Injection: 1