General
- Target: BLTools 1.9 [CRACKED BY INJUAN].7z
- Size: 9.4MB
- Sample: 220806-d9qyvscfb5
- MD5: adfb510037f2da72dbe3b077d12bf0ee
- SHA1: b181ec66ab76e0ef2cb7fbeab7f271dd0d8ea789
- SHA256: 5e5c17140ce8829ed152d6fce28064e9f5693d789d9ffd2e6b45e330cf5f2207
- SHA512: 9c6a8772f3ec9044972b62f6e5b2e94e1283203aff6f9bbcbf91590f41b1be1e2e0a7c374b14063c8995b974dc0c507e96a90c458243c4acafcf70e6fdb25fa3
Behavioral tasks
- behavioral1: BLTools 1.9 [CRACKED BY INJUAN]/AlphaFS.dll (resource: win7-20220715-en)
- behavioral2: BLTools 1.9 [CRACKED BY INJUAN]/AlphaFS.dll (resource: win10v2004-20220721-en)
- behavioral3: BLTools 1.9 [CRACKED BY INJUAN]/BLTools-v1.9.exe (resource: win7-20220715-en)
- behavioral4: BLTools 1.9 [CRACKED BY INJUAN]/BLTools-v1.9.exe (resource: win10v2004-20220721-en)
- behavioral5: BLTools 1.9 [CRACKED BY INJUAN]/Extreme.Net.dll (resource: win7-20220718-en)
- behavioral6: BLTools 1.9 [CRACKED BY INJUAN]/Extreme.Net.dll (resource: win10v2004-20220721-en)
- behavioral7: BLTools 1.9 [CRACKED BY INJUAN]/Ookii.Dialogs.Wpf.dll (resource: win7-20220715-en)
- behavioral8: BLTools 1.9 [CRACKED BY INJUAN]/Ookii.Dialogs.Wpf.dll (resource: win10v2004-20220721-en)
Malware Config

Targets
- Target: BLTools 1.9 [CRACKED BY INJUAN]/AlphaFS.dll
  - Size: 359KB
  - MD5: f2f6f6798d306d6d7df4267434b5c5f9
  - SHA1: 23be62c4f33fc89563defa20e43453b7cdfc9d28
  - SHA256: 837f2ceab6bbd9bc4bf076f1cb90b3158191888c3055dd2b78a1e23f1c3aafdd
  - SHA512: 1f0c52e1d6e27382599c91ebd5e58df387c6f759d755533e36688b402417101c0eb1d6812e523d23048e0d03548fd0985a3fd7f96c66625c6299b1537c872211
  - Score: 1/10
- Target: BLTools 1.9 [CRACKED BY INJUAN]/BLTools-v1.9.exe
  - Size: 9.3MB
  - MD5: 5b8fee9267593396b57d345a9afc7ddb
  - SHA1: 264968d1bf7c1f6ad0ca4cbdeb89762ddd294948
  - SHA256: 90dc5d6d2a6b8b4dc6b5f95c44d24b1b6e1916911b1b7a51dd97ed055156fddd
  - SHA512: 69f9254f78f6ba09d456321cdc74dd74115debc5b91d4abf00cbf665d91ace2d1f4289ee0be9aa32a437b3d14d420b149e778a244c1478df59f3bc9a9571f085
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Downloads MZ/PE file
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  - Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
- Target: BLTools 1.9 [CRACKED BY INJUAN]/Extreme.Net.dll
  - Size: 121KB
  - MD5: f79f0e3a0361cac000e2d3553753cd68
  - SHA1: 4314bcef76fddc9379a8f3a266b37d685d0adb79
  - SHA256: 8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd
  - SHA512: c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355
  - Score: 1/10
- Target: BLTools 1.9 [CRACKED BY INJUAN]/Ookii.Dialogs.Wpf.dll
  - Size: 103KB
  - MD5: 932ebb3f9e7113071c6a17818342b7cc
  - SHA1: 9ce2d08bc3840632092325abcc8d842eeb8189d4
  - SHA256: 285aa8225732ddbcf211b1158bd6cff8bf3acbeeab69617f4be85862b7105ab5
  - SHA512: 6b6086cff7b916c0c4536e3c7cba4ba17d6c4be2e4a88a5877be852e197f1f9c9c120d1295acf2b4277a9badd8cfd229ef3c1ab2049d0aeec22d3033be156141
  - Score: 1/10