General

Target: BLTools BY XIII.exe
Size: 5.9MB
Sample: 230610-3lp44aga72
MD5: 016832e3ce6c4cf62015ac78998b7ead
SHA1: 7090ba721ad1f71d50d7446d0b41b00e6256026f
SHA256: 0fbeb20947f75b3e1bc730b8ddaaca5c55fd162d557dae2fe33babd7cbef716a
SHA512: 5c151d367eb9dde8f89240dd46f44c5024ad199a7c4928ac1f9ab1e5d1d91d54c10608171b6912cf4112e0a593880b2ebd7c12a0cc480f7b15bfb060e74feb1b
SSDEEP: 98304:5DJfFfupztdd20BbRFmN7nvIYAzYGVEooAZJTIya+vJ9OTOWjY9olN:/Ffupzd209RFOcYAsvAZ5If+vJ9OqXqN
Static task: static1

Behavioral task: behavioral1
Sample: BLTools BY XIII.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: BLTools BY XIII.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted family: njrat
Version: v2.0
@XIIIOLYMPUS
xiiiolympus.zapto.org:2000
WindowsExplorer
reg_key: WindowsExplorer
splitter: |-F-|
Targets

Target: BLTools BY XIII.exe
Score: 10/10

Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application