General

  • Target

    Bloxy.exe

  • Size

    76.6MB

  • Sample

    241002-bx9t4athre

  • MD5

    09b56a741cc2cd996b6f6e511c22de17

  • SHA1

    82bfe409baabfba667bf2959c0bca06183dff983

  • SHA256

    e35bd1073ca8065d86590bbf20fce026e39f2206d7d9ccadd4b271f197c0bfbe

  • SHA512

    0d20c11bb5dd88cad05a35fe4ed0c8916dfd64f2e710eab5c0588548902d32e8861864257ebf1160cbf1d5edec8e082e562084834af91eef48aa4faaf8ba9940

  • SSDEEP

    1572864:WwvHcRlYSk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgAdW4zjtux3a/Z9U:WwvHcRqSkB05awcfhdCpukdRPA49U

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file browsers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks