General
Target: BLTools-v2.2.exe
Size: 4.5MB
Sample: 230401-ptsy3abd51
MD5: ef5ee302110f10993a991fd9a2350594
SHA1: a3f020240217e95c952a4f17cfe101193db1f478
SHA256: f368811f3bb071d6ee006731fe819a0b7d8cd7ed5fd8110aeb5cb0da22a3a3a7
SHA512: 5d5ade7075ba155046381bf1976de2e05bb355f897075930571f09c398ca9fbd28b499ce82cb13dd3139a9490c4f52237a4eba7e36b6b8fb536ce96af156fdc6
SSDEEP: 98304:W3AsFVBrtaVHd+A1NTzIHG/4EfZRo6gW0bW+egt8qXLbkse219FdVVN3kzes:1wG9+A1NTzOPKZRo6gWG9egCqXLbN5hO
Static task: static1
Behavioral task: behavioral1
  Sample: BLTools-v2.2.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: BLTools-v2.2.exe
  Resource: win10v2004-20230220-en
Malware Config
Targets: BLTools-v2.2.exe (same file and hashes as listed under General)
Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext