Resubmissions

12-12-2024 06:44

241212-hht9estmay 10

General

  • Target

    bloxstrap-main.rar

  • Size

    8.2MB

  • Sample

    241212-hht9estmay

  • MD5

    a255ac14ddda1b874a2476740c1a36f7

  • SHA1

    efcadb7caca38f57b26e39dfbf838ace95ae8982

  • SHA256

    1299eda06c04847ff1e6eae9dc15a665cd663f620e64256fe970f124049b7d08

  • SHA512

    1abaabdad117d5654fee39cebf5fde278f0692ab3438e73c9296003fe28d2992fe24719e9ff443b2fcff8f194904d45daa8571c40806d9e50a276abbd9239e76

  • SSDEEP

    196608:4BcFLKfK92mBqEGizkjjcy4SBABj0b7WxoXHdEntr6hhGXonHM5YJPQE:4Bc44phjk6uGr6hsX95W

Malware Config

Targets

    • Target

      bloxstrap-main/Bloxstrap/App.xaml.cs

    • Size

      10KB

    • MD5

      0b6b695cd68555691c4c404a80c8fbd1

    • SHA1

      0fcd61894614db964e0bf8de0128bc2015e65567

    • SHA256

      9de33cad2acd9ae97bdeb1841e7306baa4ddd0dea8034e90666ece41981f96fc

    • SHA512

      a0d6759256c3388e3d62bd9d73a6e9566f2703345f3e7291f8f5e8cfa32acb0a570e0913b6b4915055dcb4f52c2ae66fde3e04ce4be955a7fa966bcb2928161b

    • SSDEEP

      192:s1txG4+6YuAuu+7SuNLLmsl5+LebZ8SDfLnu4bf:s1o8S+LajCF7C4bf

    Score
    3/10
    • Target

      bloxstrap-main/Bloxstrap/Bloxstrap.exe

    • Size

      7.0MB

    • MD5

      3b7e32ec9089d2899e1700030dd837f1

    • SHA1

      247a69ab65ae550ee928484e984f40417df6d5a9

    • SHA256

      cbf6ba0da350dcfcad1e73dbbd838d129ae72e7f90b9138b241e8f0523144d83

    • SHA512

      67acd0040b9cae6d5bdf121f0a1b1aaccc45c832b60ca9c50bf95c10644d0127a49c9e4982a79eeb3a531457ec1bd043ad887446ab61a929f9f1d035eaaa2899

    • SSDEEP

      98304:01ywDjWM8JEE1r9amaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRGYKJJcGhEIR:0110IeNTfm/pf+xk4dWRGtrbWOjgWym

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      bloxstrap-main/Bloxstrap/Bootstrapper.cs

    • Size

      63KB

    • MD5

      b3849af38f09203af4f5e8c309b2bd2a

    • SHA1

      a29dd346cf246f6a6adb20942e5620b26e6e675e

    • SHA256

      ba89494ea20a7e1a4d8c6e25458a71840d968647394053b46867ed91d19d9703

    • SHA512

      2f45616e0cd47f1ce75b095e32fa18fa64b79fa4781598f75d4e6f568aa20bd38ce2bbc2b7ea81a022732be920f5eb0d7b4af6e3cf52c52ccf098909ad51ce10

    • SSDEEP

      768:LIFboFuUpkxPalQBGg4q0mCm26+1mFvjNI/P5L9Th4F2OUDuesmfn0n6jUxyUDny:LEUlQ87lAy

    Score
    3/10
    • Target

      bloxstrap-main/Bloxstrap/Extensions/BootstrapperIconEx.cs

    • Size

      2KB

    • MD5

      3850b24572c8585c1584e7662cbe18bd

    • SHA1

      9f7745294dd6400f5336229f9d849dcb7dc698ce

    • SHA256

      0f8250fd269fa1254fe5a12461fe20b4588056e659bb89e4b097cccbc824d6a3

    • SHA512

      15b12c1420db62a02e2f17c0ee05e34afe42dcf78913332d2e196ae9afaabad2340e3002f3183c0f8b567984ac80b3d0b9cefb388dba6cee0f5e5bf03380faa6

    Score
    3/10
    • Target

      bloxstrap-main/Bloxstrap/Extensions/ThemeEx.cs

    • Size

      659B

    • MD5

      0706d6f0bec55789b35816fff1675cc2

    • SHA1

      328a99ee964cb2a9ffbced4695b84613f22df310

    • SHA256

      09a344f4e331b9c84a8be0d2dbbd91c2cd42be8185687df6d5469f2d2c7de939

    • SHA512

      fce0d134f54536674c56dfc42e7fb2543b8283378fb36832c1f59bc61c321eed9be4279330da74636e7db1608d1859b97d67d1ec767e8678f3a473cc37012e6c

    Score
    3/10
    • Target

      bloxstrap-main/Bloxstrap/FastFlagManager.cs

    • Size

      16KB

    • MD5

      a98b630e57bd355f1f0429bf4dfcbdb6

    • SHA1

      85310465c7a0c8c74af81845b8018d8c6c879b06

    • SHA256

      2cdbd9b64c0a1b9335e8f3c0493e54c8d90e57bc217a2a6e09d889bc830f0b17

    • SHA512

      2976cbdb2cb2cb1f858fa946fee279e1502eef4c7ea372d5c4fd5b8879d18c2ec112fbde88590047b0c2d75600f06d09130d5f7e88a7b1211779148a21d8218a

    • SSDEEP

      192:940dnY5oNGeGbzEiZbS9Ih5kpk0HneIEwThS2SUSGSCsxO16NHqiU7F7OHnVWJlO:i0mmGbwUKIh5uKHUJOl

    Score
    3/10
    • Target

      bloxstrap-main/Bloxstrap/InstallChecker.cs

    • Size

      9KB

    • MD5

      2bb99de61c726c57cdbcc95a135ffc7a

    • SHA1

      1037b7fc84ddd164406ccc4e36d87816be6abb7b

    • SHA256

      5db7e47fe11561b65c1f50e0e40e0f83813c0d9ce2a3d82581770a633be8af31

    • SHA512

      651d7e5f53927f58b9e7f52d5d93e1ed8766878ed78bb8b04d91dd3e6b60be6ba1898a455688de675904a0e5763ffa6bbf0d37faa3ab3c455f5f5c95fce09b24

    • SSDEEP

      192:kANe8oNYC9jq1y5wuIKRuWvV62VS07k6JP3upsyL:kAk8CYCT5Y6AYat

    Score
    3/10
    • Target

      bloxstrap-main/Bloxstrap/Integrations/ActivityWatcher.cs

    • Size

      13KB

    • MD5

      aa3b76648163c84d6f0ff97312115a45

    • SHA1

      5e85ca3458956ceb1b14db80e4474356fed6db82

    • SHA256

      7f65dd0fadb57358d7ffdf435a00b25e906e24a1c2b6104c72c92cc4cf71b5b0

    • SHA512

      5499f3ddbe98aceb2029cc66ea91df651e2f8d14e795099a4d0670d601af6f7fee272d10c6a168a3a12e0a1d102892c3e1cd3bfd07ea99dc4ab1ddda7f0b9795

    • SSDEEP

      384:HzCAAtPSkq819IEthMmJNMxijGoDRlUZAQ:HOACqkq8jIEthMmJNMUjGoDRlUZAQ

    Score
    3/10
    • Target

      bloxstrap-main/Bloxstrap/Integrations/DiscordRichPresence.cs

    • Size

      12KB

    • MD5

      4cd9c30095077aaef8a6cc85e3757648

    • SHA1

      3e77c7e1fa1731f77f5111129749c3bc9784ae9b

    • SHA256

      c18550c5083f242a55f34adfb6bce3c545bd23765ceafc83447507b6ef73633b

    • SHA512

      c19c79804b82f4a817cce372239332cb51a5b07a3bada523778454f96e3a47a87952d42178b0ff673ebd5bfeea6879b7f769140f45068007c35981e0be4d3863

    • SSDEEP

      192:p+0ujHz/MeeHVqqUBtOqsSMmO8w/osQ66pOh69PJ8XqMOqF6W0L:p0jHsCWmSI64

    Score
    3/10
    • Target

      bloxstrap-main/Bloxstrap/JsonManager.cs

    • Size

      1KB

    • MD5

      1d0b088799dff4bb5aa54e8c7989e6be

    • SHA1

      d8af116d745dc00b1a0bd73fc7119b274408dda6

    • SHA256

      5444f849210f2d2dc4359730e8f5e410756241d91ccf555e9407eed28d783f55

    • SHA512

      03ebc0a8387729a2e51a89393573a833d4693a60a1e38903953402e8581821585aa61a5e93f7466d8a139b4e39a9c3a3d85d9d18c868c9b85a0ca5709f0c2555

    Score
    3/10
    • Target

      bloxstrap-main/Bloxstrap/LaunchSettings.cs

    • Size

      5KB

    • MD5

      771b67ad09b25ce69904a43449303c07

    • SHA1

      b97d7a0dfc9fecb0b302f602084e2ff7ed3f2547

    • SHA256

      e36da6aab451ff71574e32c6667fd12ca582cca807d6a4148985d641df063775

    • SHA512

      2f317022761351d62c65ea9b8456e6cf01083c9e968481d0af366d597ac947934a0abcf7c0b4ea5738f73b081ae235b1fe466bba6274def8d407bce51c184586

    • SSDEEP

      96:9Xj4Y26MKV7XiekeIQ4eAeieYG9tmsiCAqITCySR4tn/4kg80LkFzR6QCkWKNnIP:98FSL1IQJBnfXmsiDqITCyiq/90LkFzM

    Score
    3/10
    • Target

      bloxstrap-main/Bloxstrap/Logger.cs

    • Size

      3KB

    • MD5

      424685e370181f3d4f5fe09c0cfe5e18

    • SHA1

      b23d2d85de8daaf05b1da1e046447d23689b6757

    • SHA256

      45c4b2cc00000d15988ac534f5ea4039e7647311fec35189157b10464b04bfa1

    • SHA512

      c09cece09fb90dd261cae6800e439d9b3770cf68b2a1c3d1f217b0bcd5f21c72ee54b09dbbe8875b515138f7322306a3754dac769b965a61775ff3260790d951

    Score
    3/10
    • Target

      bloxstrap-main/Bloxstrap/Models/Manifest/FileManifest.cs

    • Size

      1000B

    • MD5

      72f09007100637e59807ec3c27fc25ec

    • SHA1

      d0cc2e6c48270e15dc6a543f236185a9ebdfe119

    • SHA256

      c882db1a735129eb54590a7d3eb292bfaaa3adfcb28977c2cb5a5b07d9bd6874

    • SHA512

      3f5ae77dcb63125acedeb2618519aa4ae4eac6904dfb9a215abb4d0d3d74f8fb5bbde93d979238575053f0eeb0a2c689fcb0048322a38e510c5b873cb70f3921

    Score
    3/10
    • Target

      bloxstrap-main/Bloxstrap/Models/Manifest/PackageManifest.cs

    • Size

      1KB

    • MD5

      f41c4e62ab449e75d9a43fa795e2520f

    • SHA1

      1156062147f2f297f2f276717c16766ec7a8f54f

    • SHA256

      ba4ad3a03822c33c1ac53b4173ba1bb601fe52456998cf804d49035a71dac9ef

    • SHA512

      8fa214271ddac0f42999912783b95cbe3c9a98e34845239f599ee86956a2430606d0feb3e5ed54d3b1acffa7cdce24e8175732389322fcceca0bb59b7266b2fb

    Score
    3/10
    • Target

      bloxstrap-main/Bloxstrap/Properties/Resources.Designer.cs

    • Size

      7KB

    • MD5

      f982ec623d4499e71ab05cb16fea80e7

    • SHA1

      63a48116b8d38a636e2cc4b62f95afab42e99e81

    • SHA256

      f6e376646b91eec80a992830e5e8e53a910af553e07402abbc5fbc545c85f575

    • SHA512

      e3899eb0d9d5f3dc2f47783d24af00ada1462116238fd8c4eed476e76c3455da7ec841bc9db23a9cb31e50da6fff3ff32b6d5a237fa187f5575d2e6a02395259

    • SSDEEP

      192:agTtsxZ1PPy5U1dotTWEzayCW+zayCWQzayCWqzaTWo5aTWo5aTWc5aTW05aTWsy:agTs1Z14WESW+SWQSWqyWooWooWcoW0l

    Score
    1/10
    • Target

      bloxstrap-main/Bloxstrap/Properties/Resources.resx

    • Size

      8KB

    • MD5

      2c4d0a62e05cd570150883d3ae0bdc57

    • SHA1

      508f822d102a27f830bccca36282c70fa3cf83bd

    • SHA256

      8d74fde8ba2b3b2a4f5561a3c2c021b5900ffa8cc82003fd6ac229252264e701

    • SHA512

      6178860823ddac2f67980d67ed123d5d0c6fa9fd1fde08defd837d4f2a64003e5d8e87671ffc61801f3e0a69d3460c64efbb7d8ff9692489d8aa3f4535dfc950

    • SSDEEP

      192:Zf+tLPfYnLvFVOiFQaUD7Ugseokw9++okw9mWokw9Gmokw9re4vw9Kueyvw9DeY0:Zf+tLPQnLvDOiFQXD7Ugpokw9xokw9Ti

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

blankgrabber
Score
10/10

behavioral1

execution
Score
3/10

behavioral2

execution
Score
3/10

behavioral3

upx
Score
7/10

behavioral4

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
Score
8/10

behavioral5

execution
Score
3/10

behavioral6

execution
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10