Overview (score 10/10)
Static (score 3/10)

Behavioral tasks and scores (sample labels as truncated on the page):
- BloodHub F...ks.exe, windows7-x64: 3/10
- BloodHub F...ks.exe, windows10-2004-x64: 3/10
- BloodHub F...IM.vbs, windows7-x64: 8/10
- BloodHub F...IM.vbs, windows10-2004-x64: 8/10
- BloodHub F...x9.dll, windows7-x64: 3/10
- BloodHub F...x9.dll, windows10-2004-x64: 3/10
- BloodHub F...ks.exe, windows7-x64: 3/10
- BloodHub F...ks.exe, windows10-2004-x64: 3/10
- BloodHub F...IM.vbs, windows7-x64: 8/10
- BloodHub F...IM.vbs, windows10-2004-x64: 8/10
- BloodHub F...x9.dll, windows7-x64: 3/10
- BloodHub F...x9.dll, windows10-2004-x64: 3/10
- BloodHub Loader.exe, windows7-x64: 10/10
- BloodHub Loader.exe, windows10-2004-x64: 10/10
General

Target: 197d3c795c3a6989a3430400ebcdd5f2_JaffaCakes118
Size: 4.8MB
Sample: 240728-vxyavavckm
MD5: 197d3c795c3a6989a3430400ebcdd5f2
SHA1: bbb374f2d93cd8b264cedde75f2425e5477b3583
SHA256: acce699c8488a2a13142852a6080c1512ba55f0ee56f9fdac2fc7a45b806d3c5
SHA512: a4d5c1f1f2a5a33929e65a06d8b4b238698c2e3c2ad572c3cc480e93bc59d337453b33770cd511217fddfdf57e427e017fcf1d01d10dac3494a465a431b7663b
SSDEEP: 98304:K43JpL4dXD943JpL4rAe3UfRG+8Wlma1lQY9oQc51cQUTvjsXB4T:ZhSkhGT3adhlf1KY9ojIDjsR4T
Static task: static1

Behavioral tasks (sample, resource):
- behavioral1: BloodHub Full And Simple Menu/BloodHub v1.1 Full Hacks/Crossfire Rocks.exe (win7-20240729-en)
- behavioral2: BloodHub Full And Simple Menu/BloodHub v1.1 Full Hacks/Crossfire Rocks.exe (win10v2004-20240709-en)
- behavioral3: BloodHub Full And Simple Menu/BloodHub v1.1 Full Hacks/JIM.vbs (win7-20240708-en)
- behavioral4: BloodHub Full And Simple Menu/BloodHub v1.1 Full Hacks/JIM.vbs (win10v2004-20240709-en)
- behavioral5: BloodHub Full And Simple Menu/BloodHub v1.1 Full Hacks/d3dx9.dll (win7-20240729-en)
- behavioral6: BloodHub Full And Simple Menu/BloodHub v1.1 Full Hacks/d3dx9.dll (win10v2004-20240709-en)
- behavioral7: BloodHub Full And Simple Menu/BloodHub v1.1 Simple Hacks/Crossfire Rocks.exe (win7-20240729-en)
- behavioral8: BloodHub Full And Simple Menu/BloodHub v1.1 Simple Hacks/Crossfire Rocks.exe (win10v2004-20240709-en)
- behavioral9: BloodHub Full And Simple Menu/BloodHub v1.1 Simple Hacks/JIM.vbs (win7-20240704-en)
- behavioral10: BloodHub Full And Simple Menu/BloodHub v1.1 Simple Hacks/JIM.vbs (win10v2004-20240709-en)
- behavioral11: BloodHub Full And Simple Menu/BloodHub v1.1 Simple Hacks/d3dx9.dll (win7-20240729-en)
- behavioral12: BloodHub Full And Simple Menu/BloodHub v1.1 Simple Hacks/d3dx9.dll (win10v2004-20240709-en)
- behavioral13: BloodHub Loader.exe (win7-20240708-en)
- behavioral14: BloodHub Loader.exe (win10v2004-20240709-en)
Malware Config

Targets

Target: BloodHub Full And Simple Menu/BloodHub v1.1 Full Hacks/Crossfire Rocks.exe
Size: 1.4MB
MD5: 8d04696c81cb68646436d40f6aadd187
SHA1: 21605c970170d7b8a4cb7ffd50f24c46bae13556
SHA256: fa9c9a7346635ba2c5d5d71c334d0fd864a9e9addf054dc7ca5888001bcd755b
SHA512: de71593371b47f826e4cddf4406515d0c332ea56d516692d2f05110272bcc71101cc88903cf7c64ce96ee0cb047a7bab48bd631e735319512160b9ae2c2f3b0a
SSDEEP: 12288:0wXBGFxsoqX6brqiWFx7lfja6IMAqttc/cbmIsl3qkfEpr6Sx/fCnLF:02axe6XdgVm+AOtc//vl3qkfM+vF
Score: 3/10
Target: BloodHub Full And Simple Menu/BloodHub v1.1 Full Hacks/JIM.vbs
Size: 2KB
MD5: e2866ac2e042a322743b662b91f4993a
SHA1: 885213deb93f3461f441a9e206ca06f2aaed6e81
SHA256: 7c17f6693c2c6216c005a0dae7edd04d8baee64dee44d7ad6dd6f273435ba19d
SHA512: e1ac4446d3a65f221efa94ad0ac69d8ba186a86799f0dd646a9eedd847d74a8a8991e70a4e28dcd8e9802b3c5cc074b34f2f616bf70513fbf0c0a7e6b947e51a
Score: 8/10
Signatures:
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Target: BloodHub Full And Simple Menu/BloodHub v1.1 Full Hacks/d3dx9.dll
Size: 598KB
MD5: a3d6220e2fcd64f2e0896c5ffb12db1e
SHA1: d5a4c338b8fc6174ef457669e1e96e4609977f7b
SHA256: ea898a4d624e64b9b995f47614d2ae159a0e1c8dce45cf7dfd8416000d1a8f51
SHA512: 704a1b0cedf5567623fb00cce3e2aac31c6ca05424549dbe2eb7d915640d700ec095a337e4cbd3c8524ce8171a417e143edb357f7f039f66aebae27b21f68f5a
SSDEEP: 12288:QgbHM0uV5vg59oOyKbvoGYg4/7W4V/xN7FIJU3DMZc:wLlg59oKbQW4L/xN7FIJU3Dic
Score: 3/10
Target: BloodHub Full And Simple Menu/BloodHub v1.1 Simple Hacks/Crossfire Rocks.exe
Size: 1.4MB
MD5: 8d04696c81cb68646436d40f6aadd187
SHA1: 21605c970170d7b8a4cb7ffd50f24c46bae13556
SHA256: fa9c9a7346635ba2c5d5d71c334d0fd864a9e9addf054dc7ca5888001bcd755b
SHA512: de71593371b47f826e4cddf4406515d0c332ea56d516692d2f05110272bcc71101cc88903cf7c64ce96ee0cb047a7bab48bd631e735319512160b9ae2c2f3b0a
SSDEEP: 12288:0wXBGFxsoqX6brqiWFx7lfja6IMAqttc/cbmIsl3qkfEpr6Sx/fCnLF:02axe6XdgVm+AOtc//vl3qkfM+vF
Score: 3/10
Target: BloodHub Full And Simple Menu/BloodHub v1.1 Simple Hacks/JIM.vbs
Size: 2KB
MD5: e2866ac2e042a322743b662b91f4993a
SHA1: 885213deb93f3461f441a9e206ca06f2aaed6e81
SHA256: 7c17f6693c2c6216c005a0dae7edd04d8baee64dee44d7ad6dd6f273435ba19d
SHA512: e1ac4446d3a65f221efa94ad0ac69d8ba186a86799f0dd646a9eedd847d74a8a8991e70a4e28dcd8e9802b3c5cc074b34f2f616bf70513fbf0c0a7e6b947e51a
Score: 8/10
Signatures:
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Target: BloodHub Full And Simple Menu/BloodHub v1.1 Simple Hacks/d3dx9.dll
Size: 650KB
MD5: 6a63f137f7be27cdd5d3600914636884
SHA1: 9ea53705619163b3ebe928e38adc228d98b5b869
SHA256: 1b7d46e48365a7dd4b51565a7a334bfb3b5ca668a807fbc620f0a9b92c3edf35
SHA512: 2601dd56b47aacc88930ff7c26ba4ab619663d7b320ccc272eb91a98b783ea68950513ee616148549f1d1e17a46492b94adbccc22f1d658ca895f68d39d924f0
SSDEEP: 12288:f8XcOmGWy7Z4ijBNR110h6s+3qbOJSKUhvGydtXAuExRCKi3ks:fK2GvVlq6FaCQKURQxRCKi3k
Score: 3/10
Target: BloodHub Loader.exe
Size: 3.8MB
MD5: 36d1f3f1177206cf8926561278939ea3
SHA1: 063694ebefe31baf30ab4db461ba7fcb099756cd
SHA256: ae952b1ea4ddafc30a97f9a57852e88993f374085660fe6656333db8020f2bea
SHA512: 4be9d30953122ee0edcb615c40d2ce0716cbcf45c54da323931a973ae0e2cb808e7f971184deb43702f80d2d441b34adebc1ade97fe5afc051c5cfe94c08b89e
SSDEEP: 98304:nodc//+diKwqGOlhYVFsqg8vtefmXtYoxMm:odI+cnOlZgYmSo+m
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Indicator Removal: File Deletion. Adversaries may delete files left behind by the actions of their intrusion activity.
MITRE ATT&CK Enterprise v15

Privilege Escalation:
- Access Token Manipulation (1): Create Process with Token (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)

Defense Evasion:
- Access Token Manipulation (1): Create Process with Token (1)
- Indicator Removal (1): File Deletion (1)
- Modify Registry (1)