Overview

overview

10

Static

static

10

Blox fruit...er.exe

windows7-x64

7

Blox fruit...er.exe

windows10-2004-x64

Resubmissions

20-09-2024 08:30

240920-kekxpaxcrc 10

20-09-2024 08:28

240920-kc2gnaxfnq 10

20-09-2024 08:02

240920-jxazrswele 10

20-09-2024 07:59

240920-jvmksawdqd 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Blox fruits exploiter.exe

  • Size

    106.9MB

  • Sample

    240920-jvmksawdqd

  • MD5

    4670c127cd49d3e38a165f30374ca33c

  • SHA1

    47f85405d1876f311efad50a84439599ef2cbdbe

  • SHA256

    e397f9f6dcb25eb9fd966567ec6517ef944a7c21b7799c1561911ecabfc8c4df

  • SHA512

    e1f507ffb8bd0a437cd11d40da29ecf1086ea51ebb10d0c57fb8d38df9c3e144d03d5409872212386e3dfe48d24f436cd803834b4a10ebe29a48aad7011b8cc4

  • SSDEEP

    3145728:DagL8iS6xjKcBa6/2qHO5izBVnG0iWMstB2Oxbjd:WKJSWNa6NHCittieB

Score
10/10
pysiloncredential_accessevasionexecutionpersistencepyinstallerspywarestealer

Malware Config

Targets

    • Target

      Blox fruits exploiter.exe

    • Size

      106.9MB

    • MD5

      4670c127cd49d3e38a165f30374ca33c

    • SHA1

      47f85405d1876f311efad50a84439599ef2cbdbe

    • SHA256

      e397f9f6dcb25eb9fd966567ec6517ef944a7c21b7799c1561911ecabfc8c4df

    • SHA512

      e1f507ffb8bd0a437cd11d40da29ecf1086ea51ebb10d0c57fb8d38df9c3e144d03d5409872212386e3dfe48d24f436cd803834b4a10ebe29a48aad7011b8cc4

    • SSDEEP

      3145728:DagL8iS6xjKcBa6/2qHO5izBVnG0iWMstB2Oxbjd:WKJSWNa6NHCittieB

    Score
    9/10
    credential_accessevasionexecutionpersistencespywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

1
T1112

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

File and Directory Discovery

1
T1083

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks