Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

BlitzedV12...12.exe

windows7-x64

7

BlitzedV12...12.exe

windows10-2004-x64

7

BlitzedV12...xe.xml

windows7-x64

3

BlitzedV12...xe.xml

windows10-2004-x64

1

BlitzedV12...OR.dll

windows7-x64

1

BlitzedV12...OR.dll

windows10-2004-x64

1

BlitzedV12...hy.dll

windows7-x64

1

BlitzedV12...hy.dll

windows10-2004-x64

1

BlitzedV12...ed.exe

windows7-x64

10

BlitzedV12...ed.exe

windows10-2004-x64

10

BlitzedV12...to.dll

windows7-x64

1

BlitzedV12...to.dll

windows10-2004-x64

1

BlitzedV12...on.dll

windows7-x64

1

BlitzedV12...on.dll

windows10-2004-x64

1

BlitzedV12...le.exe

windows7-x64

3

BlitzedV12...le.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bltized.zip

  • Size

    3.2MB

  • Sample

    240814-1d23kswcne

  • MD5

    1ce1d3086d47d946e50d71d5ea62c4c6

  • SHA1

    6ea298e1d7ec72cfa899ee3a6b62d56d82690375

  • SHA256

    1d54f75b31713396cf394bcc659ec80470eff7a3c90bb66b179e80775286e9c5

  • SHA512

    8801a87e0c8329810dbbcc32f3fc0601073426754859d05179b111b8efef833bc911623bd3095302b696d58b8fbd8bc1effddaa2a0993abd3040e9f3c8f60b73

  • SSDEEP

    98304:xOCmf4p2Yr40Y8962UYhyRt3bk9zhuKBScTsZjcl:x924YYr4pH58mk9zhuuScTsZQl

Score
10/10
stormkittyagilenetcredential_accessdiscoveryevasionpersistenceprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      BlitzedV12/BlitzedGrabberV12.exe

    • Size

      1.9MB

    • MD5

      006cd7ac7f04dfecdb6c58c9e380aca0

    • SHA1

      fd06e16fd731dacb516a945a6cb619b30ecf7ff4

    • SHA256

      b0ec85887a9ad75110914916ab2a2d45487e4b65713d4272c050430d80665e64

    • SHA512

      47014779312ec5d9481a3c2c97d7e48884e8f61b7a03ee980c2b40fb9e32cfa078554abc45b67d04f6786d2013b0cec0d8be700bda150990f7c44dc6469bef09

    • SSDEEP

      49152:MmAznU4n9t2ELj18p4BDifoM83ig9Apl14yG:z49wi73fWc

    Score
    7/10
    agilenetdiscovery

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet
    behavioral1behavioral2

    • Target

      BlitzedV12/BlitzedGrabberV12.exe.config

    • Size

      320B

    • MD5

      c6e6fc3cdec0ad213d9330a9b630fd5c

    • SHA1

      ed4278e0e4b9d1b47fbe92ca2f98af62e5d6c027

    • SHA256

      96c2db8d8037a20cc6550c935f9a11da70f84a2bc64a1be1807b06bc1bda2492

    • SHA512

      37ee70ae328547b684db668ce59c9f7eea672184fb1f5ed41341a0fab84bbe0419f0706742832fc6f1ae78e474cd1d3f5f757fc9c44ed0ca557101a733532e0f

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      BlitzedV12/Resources/APIFOR.DLL

    • Size

      13KB

    • MD5

      91b4d211faddb0ebc64fb000d75d96c1

    • SHA1

      ba496c122f8e562ff0a4fb272a68f0b9e7bf0a3c

    • SHA256

      e47ab6fb21bd8943f63d79387533abac0c2bd98245546df44c4f333d8013c4de

    • SHA512

      3f16b0b4618d446d0e42ed2063c611b4ffa72a5b0ff438df5286a216167881737e65d494aa12186e511690eaca2f51c00889c9eae5ab6392c1edf885e5592919

    • SSDEEP

      192:NVjzYtxJYPX7OdfdnHpZt8kit/2Y3ciPYEC3qHa:NVgbkXK5NHpZikit/NYE4qHa

    Score
    1/10
    behavioral5behavioral6

    • Target

      BlitzedV12/Resources/Anarchy.dll

    • Size

      698KB

    • MD5

      6e98294b98518075b872609eb80916e7

    • SHA1

      d03580a690174dfd8165c156e84b95e8ebb382cb

    • SHA256

      51fd6a092762e04a76726cb55110acae2f622feab2c1a1bc159f7018fb9425d6

    • SHA512

      85779d353f094d4d915f0d96480a38a723645b07c5501167e4c75d2902f43a678020765996cfed079436814b7d89dcd50e75aa5df8c621c36024a356fa37e10b

    • SSDEEP

      6144:e08MwBcoH7SdWjnY+XgqUydiyBWBNTMF43m6F0ba2zg71YcDKQpskkkp7SDkXzcB:e0FWVu8Y+Xg1SObDKYvItbnZIk

    Score
    1/10
    behavioral7behavioral8

    • Target

      BlitzedV12/Resources/Blitzed.exe

    • Size

      62KB

    • MD5

      30f6e2bb5a85d1345c397fddef0da0ad

    • SHA1

      6e2ef88bac4c1aff2e21932583f0e7905134e818

    • SHA256

      649ab9ccf17dc122d9657ad27a4945583a424179095dafeac3854c3835f2302b

    • SHA512

      32cacb4b1c888d7b9ae3f9a568fbb1ecf2ff2aec66feb764afc26890f69f7c1e18a309f3c19d5816a2d88535e03d2ac678abdf0aff7d35df1dfb7db1d4c1ebe6

    • SSDEEP

      1536:Bx3/tG7IynUmwQROSIL4mBmVuLh9nmHDf:BxgIynUmwQoem5Lh9mHDf

    Score
    10/10
    stormkittycredential_accessdiscoveryevasionpersistenceprivilege_escalationspywarestealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral10behavioral9

    • Target

      BlitzedV12/Resources/BouncyCastle.Crypto.dll

    • Size

      2.5MB

    • MD5

      3551343fab213740bbb022e3a6dcf27b

    • SHA1

      de67fb4f9d58db4a860a703c8d1f54ff00ff9b1f

    • SHA256

      5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6

    • SHA512

      e90f51053e1d4b0ea1f7458229de92174abf0781c766290da4de5cc8dfcfb730998252bf28b36ca5070978fdcea8b97f0aea6a47b875dd34173643ac0cb46c42

    • SSDEEP

      49152:3CTzhVM0AU5d3UOhq8hmReOUJfd5T3D+VTQlgQeCKbu9kQLO0:GwU5d3vhzhmoOmfd5rqX0

    Score
    1/10
    behavioral11behavioral12

    • Target

      BlitzedV12/Resources/Newtonsoft.Json.dll

    • Size

      492KB

    • MD5

      5e02ddaf3b02e43e532fc6a52b04d14b

    • SHA1

      67f0bd5cfa3824860626b6b3fff37dc89e305cec

    • SHA256

      78bedd9fce877a71a8d8ff9a813662d8248361e46705c4ef7afc61d440ff2eeb

    • SHA512

      38720cacbb169dfc448deef86af973eafefa19eaeb48c55c58091c9d6a8b12a1f90148c287faaaa01326ec47143969ad1b54ee2b81018e1de0b83350dc418d1c

    • SSDEEP

      12288:axrplPT3qwNBC3wl1zVh0Yg0pJy/qleTpfZLQ0so/VHjh:a1plPGwNBC3UOwVeLQ0so/VH

    Score
    1/10
    behavioral13behavioral14

    • Target

      BlitzedV12/Resources/UltraEmbeddable.exe

    • Size

      465KB

    • MD5

      b6b77d0798d39d7fadd69784c4e47c30

    • SHA1

      967af699bd9e0f2f20b0743323e5cdd6c3767ea2

    • SHA256

      e5c9880090d757207a5cd373f5e1d20c42d7486c742b3a30a2ee741a7aef5ef8

    • SHA512

      5140dcebbeb53c8e74364de824d78d6c5fddcfa08f0ac38ff0d898e71bf4f8630f3b529571a7f64be00981e83af7f85a9b6665aedfaf7f0720995fae8a8e28d6

    • SSDEEP

      12288:MXUNgkAIMflOWTUpGY5ObqRKd6G2nHVxxd/2KO:QUNdJMNOWTUQveYd6fHnxsKO

    Score
    3/10
    discovery
    behavioral15behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

3
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks