019e45033b86f262a182bbf4cdbed48dd4c866d18c0ed420d18c4caac622728b

Sharing

Copy URL Twitter E-mail

General

Target

6d464357c2a85fd5a71b1c8e1515590e.bin
Size

5.6MB
Sample

230403-bm1hnsca63
MD5

6d464357c2a85fd5a71b1c8e1515590e
SHA1

1f488d73d7945fcfdfaed4b7e82e599599bb16a0
SHA256

019e45033b86f262a182bbf4cdbed48dd4c866d18c0ed420d18c4caac622728b
SHA512

d480ee2a873cc9578018de7dd5367fa2df9867adf75f965a8d3b2ecfc7c29a59ddb97ba9f7c0e574ebff2a775466fbd7c37242ed8977049e7c4c6de32b3d0130
SSDEEP

98304:FA6DBTrnon5pMO1H9lG36DUINvL2i46sfWM4ct849LB02eaZtxdFf5LgHGG3ZshA:mQCTMO1H9lWNWvL2i468d4cC49LBnvTe

Score

10^/10

upx

Malware Config

Targets

- Target
  
  BLTools v2.2/AlphaFS.dll
- Size
  
  359KB
- MD5
  
  f2f6f6798d306d6d7df4267434b5c5f9
- SHA1
  
  23be62c4f33fc89563defa20e43453b7cdfc9d28
- SHA256
  
  837f2ceab6bbd9bc4bf076f1cb90b3158191888c3055dd2b78a1e23f1c3aafdd
- SHA512
  
  1f0c52e1d6e27382599c91ebd5e58df387c6f759d755533e36688b402417101c0eb1d6812e523d23048e0d03548fd0985a3fd7f96c66625c6299b1537c872211
- SSDEEP
  
  6144:QDyJst+jyCnzLp9hvHsPvPvPvS2JQvlojidPp:QDyJsvCnzZf4U1d
Score

1^/10
behavioral1 behavioral2
- Target
  
  BLTools v2.2/BLTools-v2.2.exe
- Size
  
  4.5MB
- MD5
  
  ef5ee302110f10993a991fd9a2350594
- SHA1
  
  a3f020240217e95c952a4f17cfe101193db1f478
- SHA256
  
  f368811f3bb071d6ee006731fe819a0b7d8cd7ed5fd8110aeb5cb0da22a3a3a7
- SHA512
  
  5d5ade7075ba155046381bf1976de2e05bb355f897075930571f09c398ca9fbd28b499ce82cb13dd3139a9490c4f52237a4eba7e36b6b8fb536ce96af156fdc6
- SSDEEP
  
  98304:W3AsFVBrtaVHd+A1NTzIHG/4EfZRo6gW0bW+egt8qXLbkse219FdVVN3kzes:1wG9+A1NTzOPKZRo6gWG9egCqXLbN5hO
Score

10^/10

upx
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  BLTools v2.2/BouncyCastle.Crypto.dll
- Size
  
  2.1MB
- MD5
  
  3cf6bf0e0a27f3665edd6362d137e4cc
- SHA1
  
  2016dd5e17331495901299eae9a5db48ccc8956f
- SHA256
  
  1985b85bb44be6c6eaf35e02ef11e23a890e809b8ec2e53210a4ad5a85b26c70
- SHA512
  
  72182dd7ce5fdaec8a79b65626e98f38eb8e74fa6129de08d54b3bb80867019b594082e2d9e583a788d81e69c12f7c6cd993d7d74a196bab72e68400c61e244f
- SSDEEP
  
  49152:FFSSSusJVEDm2CNrmynmTF3P++3UEOkK59Vz4oukkb3KZ5:FFSSSusJeDm2WrmynmTF3m+E
Score

1^/10
behavioral5 behavioral6
- Target
  
  BLTools v2.2/Extreme.Net.dll
- Size
  
  121KB
- MD5
  
  f79f0e3a0361cac000e2d3553753cd68
- SHA1
  
  4314bcef76fddc9379a8f3a266b37d685d0adb79
- SHA256
  
  8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd
- SHA512
  
  c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355
- SSDEEP
  
  3072:bdoECIgjBibgp2tBqL0Y++ruXqMG4ih3lbpMqc:bdoECIgUrG
Score

1^/10
behavioral7 behavioral8
- Target
  
  BLTools v2.2/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral10 behavioral9
- Target
  
  BLTools v2.2/Ookii.Dialogs.Wpf.dll
- Size
  
  103KB
- MD5
  
  932ebb3f9e7113071c6a17818342b7cc
- SHA1
  
  9ce2d08bc3840632092325abcc8d842eeb8189d4
- SHA256
  
  285aa8225732ddbcf211b1158bd6cff8bf3acbeeab69617f4be85862b7105ab5
- SHA512
  
  6b6086cff7b916c0c4536e3c7cba4ba17d6c4be2e4a88a5877be852e197f1f9c9c120d1295acf2b4277a9badd8cfd229ef3c1ab2049d0aeec22d3033be156141
- SSDEEP
  
  1536:qgoPBGuyAy52V+gtTLq6ZUc68h8O0SB/XBboIawHUPV5bKLh8sm6b0gl:qgwBGu2IV+ghd68WOxXBbx+5of
Score

1^/10
behavioral11 behavioral12
- Target
  
  BLTools v2.2/RandomUserAgent.dll
- Size
  
  328KB
- MD5
  
  839cd4ce1930eee45f55f6259468d649
- SHA1
  
  7afbde253f6adbbc68ce3655b0d5a8b9f6ec1d3b
- SHA256
  
  53331bff5e585c471fad6789313a2a8a687a586cc0a8d006b24085b91ed7fc9a
- SHA512
  
  38faabf5b03512738b98b0243be9701a5668dcd5f2daba540e5bffb0547bb0fc08bc22f62f723c8aaa8ba724fc4820b4ff608e9c0d98c3aad3d5f9609c1d536f
- SSDEEP
  
  3072:umSqPhuDg67YBnmyyiSa2Tu1BpKSE0BrudXz0dLPuY8/0VgvGSQBthFk6K9ZdneS:umSqPhuDS
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Downloads MZ/PE file

Drops file in Drivers directory

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14