ioc[.]one - OSINT Cyber Threat Intelligence Database

BLX STEALER - CYFIRMA

Tags

cmtmf-attack-pattern:	Boot Or Logon Autostart Execution Command And Scripting Interpreter Compromise Accounts
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Model Archive Via Library - T1560.002 Archive Via Utility - T1560.001 Boot Or Logon Autostart Execution - T1547 Command And Scripting Interpreter - T1623 Compromise Accounts - T1586 Create Or Modify System Process - T1543 Credentials - T1589.001 System Network Configuration Discovery - T1422 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Software - T1592.002 Steal Or Forge Authentication Certificates - T1649 System Checks - T1497.001 Web Service - T1481 Windows Service - T1543.003 Tool - T1588.002 Vulnerabilities - T1588.006 Command-Line Interface - T1059 Execution Through Module Load - T1129 Powershell - T1086 System Network Configuration Discovery - T1016 Web Service - T1102

Show in Graph

Common Information

Type	Value
UUID	caaa6073-9a16-4db9-915b-66d7b6fc8ba7
Fingerprint	95261d09a5bb96d1
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 9, 2024, midnight
Added to db	Sept. 12, 2024, 11:43 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	BLX STEALER
Title	BLX STEALER - CYFIRMA
Detected Hints/Tags/Attributes	92/3/24

Source URLs

	Redirection	Url
Details	Source	https://www.cyfirma.com/research/blx-stealer/

URL Provider

Details	Provider	Source level domain
Details	cyfirma.com	www.cyfirma.com

Attributes

Details	Type	#Events	Value
Details	File	27	node.exe
Details	File	7	temp.ps1
Details	File	409	c:\windows\system32\cmd.exe
Details	File	1208	powershell.exe
Details	File	1	c:\users\user \appdata\local\temp\temp.ps1
Details	File	59	csc.exe
Details	File	26	cvtres.exe
Details	File	1	c:\users\admin\appdata\local\temp\decrypted_executable.exe
Details	sha256	2	8c4daf5e4ced10c3b7fd7c17c7c75a158f08867aeb6bccab6da116affa424a89
Details	sha256	1	d3da2061327b09f1eba1b9d5db0c61db24b9f6b13bae96510bb791057067ab34
Details	sha256	2	e74dac040ec85d4812b479647e11c3382ca22d6512541e8b42cf8f9fbc7b4af6
Details	sha256	2	32abb4c0a362618d783c2e6ee2efb4ffe59a2a1000dadc1a6c6da95146c52881
Details	sha256	2	5b46be0364d317ccd66df41bea068962d3aae032ec0c8547613ae2301efa75d6
Details	MITRE ATT&CK Techniques	460	T1059.001
Details	MITRE ATT&CK Techniques	120	T1129
Details	MITRE ATT&CK Techniques	122	T1543
Details	MITRE ATT&CK Techniques	180	T1543.003
Details	MITRE ATT&CK Techniques	207	T1547
Details	MITRE ATT&CK Techniques	6	T1649
Details	MITRE ATT&CK Techniques	116	T1560.001
Details	MITRE ATT&CK Techniques	29	T1560.002
Details	MITRE ATT&CK Techniques	245	T1016
Details	MITRE ATT&CK Techniques	97	T1497.001
Details	MITRE ATT&CK Techniques	149	T1102