General

  • Target

    BLTools-v2.2.exe

  • Size

    4.5MB

  • Sample

    230401-ptsy3abd51

  • MD5

    ef5ee302110f10993a991fd9a2350594

  • SHA1

    a3f020240217e95c952a4f17cfe101193db1f478

  • SHA256

    f368811f3bb071d6ee006731fe819a0b7d8cd7ed5fd8110aeb5cb0da22a3a3a7

  • SHA512

    5d5ade7075ba155046381bf1976de2e05bb355f897075930571f09c398ca9fbd28b499ce82cb13dd3139a9490c4f52237a4eba7e36b6b8fb536ce96af156fdc6

  • SSDEEP

    98304:W3AsFVBrtaVHd+A1NTzIHG/4EfZRo6gW0bW+egt8qXLbkse219FdVVN3kzes:1wG9+A1NTzOPKZRo6gWG9egCqXLbN5hO

Score
10/10
upx

Malware Config

Targets

    • Target

      BLTools-v2.2.exe

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
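
The "UPX packed file" signature above is a sandbox verdict; the page does not show how it is computed. As an added illustration (not Triage's signature code, and not run against the BLTools sample, which is not included here), the script below parses a PE section table by hand and applies the two checks an analyst reaches for when a report says "UPX/modified UPX": the stock UPX0/UPX1 section names and the "UPX!" marker, plus a structural tell that survives a renamed build, namely an empty first section (SizeOfRawData of 0, large VirtualSize) next to a near-random section. The three PE images it inspects are constructed inline so it runs offline; the section layout, the 0x1000 virtual-address stride and the 7.0 bits/byte entropy threshold are this example's assumptions, not values taken from the report.

```python
import hashlib
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
ENTROPY_THRESHOLD = 7.0  # bits/byte; compressed or encrypted data sits close to 8.0 (assumed cut-off)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table and return
    (name, VirtualSize, SizeOfRawData, PointerToRawData) for every section."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections, = struct.unpack_from("<H", image, e_lfanew + 6)
    size_of_optional, = struct.unpack_from("<H", image, e_lfanew + 20)
    table = e_lfanew + 24 + size_of_optional  # 4-byte signature + 20-byte COFF header
    sections = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        name = image[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<IIII", image, off + 8)
        sections.append((name, vsize, rawsize, rawptr))
    return sections


def upx_indicators(image: bytes) -> dict:
    """Collect the individual UPX tells and fold them into a likely_upx verdict."""
    sections = parse_sections(image)
    names = {s[0] for s in sections}
    entropies = {s[0]: shannon_entropy(image[s[3]:s[3] + s[2]]) for s in sections if s[2]}
    first = sections[0] if sections else None
    result = {
        # Stock UPX names its sections UPX0/UPX1 (UPX2 when resources are kept).
        "upx_section_names": bool(names & UPX_SECTION_NAMES),
        # The "UPX!" marker sits near the section table; patched builds often remove it.
        "upx_magic": b"UPX!" in image,
        # UPX's first section is an empty placeholder the stub fills at runtime:
        # no raw bytes on disk but a large VirtualSize. Renaming sections does not change that.
        "empty_first_section": bool(first and first[2] == 0 and first[1] > 0),
        "max_section_entropy": max(entropies.values(), default=0.0),
    }
    result["likely_upx"] = result["upx_section_names"] or (
        result["empty_first_section"] and result["max_section_entropy"] >= ENTROPY_THRESHOLD
    )
    return result


def build_image(sections, extra_header_bytes: bytes = b"") -> bytes:
    """Assemble a minimal, parseable (not runnable) PE layout for testing.
    sections: list of (name, VirtualSize, raw_bytes); raw_bytes may be b"" for a placeholder."""
    opt = struct.pack("<H", 0x10B) + b"\0" * 222  # PE32 magic, remaining optional-header fields zeroed
    nt_off = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    data_off = nt_off + 4 + len(coff) + len(opt) + 40 * len(sections) + len(extra_header_bytes)
    table, raw, vaddr = b"", b"", 0x1000
    for name, vsize, data in sections:
        rawptr = data_off + len(raw) if data else 0
        table += name.ljust(8, b"\0") + struct.pack("<IIII", vsize, vaddr, len(data), rawptr) + b"\0" * 16
        raw += data
        vaddr += (vsize + 0xFFF) & ~0xFFF
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", nt_off)  # e_lfanew lives at offset 0x3C
    return dos + b"PE\0\0" + coff + opt + table + extra_header_bytes + raw


def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler standing in for compressed code (constructed data)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


PACKED = pseudo_random_bytes(4096)
PLAIN = b"\x90" * 1000 + b"Hello, world" * 100  # low-entropy stand-in for ordinary code

# Constructed test images, not the BLTools sample:
STOCK_UPX_IMAGE = build_image(
    [(b"UPX0", 0x10000, b""), (b"UPX1", len(PACKED), PACKED), (b".rsrc", 0x10, b"\0" * 0x10)], b"UPX!"
)
RENAMED_UPX_IMAGE = build_image([(b".text", 0x10000, b""), (b".data", len(PACKED), PACKED)])
PLAIN_IMAGE = build_image([(b".text", len(PLAIN), PLAIN), (b".data", 0x100, b"\0" * 0x100)])

if __name__ == "__main__":
    for label, img in [("stock UPX", STOCK_UPX_IMAGE), ("renamed UPX", RENAMED_UPX_IMAGE), ("plain", PLAIN_IMAGE)]:
        print(label, upx_indicators(img))
```

The renamed image is the interesting case: the section-name check alone misses it, which is why a verdict that also looks at the empty placeholder section and the entropy of the data that follows holds up against the "modified UPX" builds the signature text mentions. Against a real file, replace the constructed images with `open(path, "rb").read()` and treat a `likely_upx` hit as a reason to unpack before static analysis, not as proof of malice on its own.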

MITRE ATT&CK Enterprise v6

Tasks