Overview
overview (score 9)
Static
static (score 7)
AlphaFS.dll, windows7-x64 (score 1)
AlphaFS.dll, windows10-2004-x64 (score 1)
BLTools v2...O].exe, windows7-x64 (score 5)
BLTools v2...O].exe, windows10-2004-x64 (score 5)
CookiesCre....2.exe, windows7-x64 (score 9)
CookiesCre....2.exe, windows10-2004-x64 (score 9)
Extreme.Net.dll, windows7-x64 (score 1)
Extreme.Net.dll, windows10-2004-x64 (score 1)
License.dll, windows7-x64 (score 1)
License.dll, windows10-2004-x64 (score 1)
MaterialDe...rs.dll, windows7-x64 (score 1)
MaterialDe...rs.dll, windows10-2004-x64 (score 1)
MaterialDe...pf.dll, windows7-x64 (score 1)
MaterialDe...pf.dll, windows10-2004-x64 (score 1)
Microsoft....rs.dll, windows7-x64 (score 1)
Microsoft....rs.dll, windows10-2004-x64 (score 1)
Ookii.Dialogs.Wpf.dll, windows7-x64 (score 1)
Ookii.Dialogs.Wpf.dll, windows10-2004-x64 (score 1)
Resubmissions
15-06-2024 18:07
240615-wqpksstdnm (score 9)
Analysis
max time kernel: 122s
max time network: 140s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 15-06-2024 18:07
Behavioral tasks
behavioral1 | Sample: AlphaFS.dll | Resource: win7-20240611-en
behavioral2 | Sample: AlphaFS.dll | Resource: win10v2004-20240508-en
behavioral3 | Sample: BLTools v2.9.1[PRO].exe | Resource: win7-20240611-en
behavioral4 | Sample: BLTools v2.9.1[PRO].exe | Resource: win10v2004-20240508-en
behavioral5 | Sample: CookiesCreator v1.2.exe | Resource: win7-20240221-en
behavioral6 | Sample: CookiesCreator v1.2.exe | Resource: win10v2004-20240508-en
behavioral7 | Sample: Extreme.Net.dll | Resource: win7-20240508-en
behavioral8 | Sample: Extreme.Net.dll | Resource: win10v2004-20240611-en
behavioral9 | Sample: License.dll | Resource: win7-20240508-en
behavioral10 | Sample: License.dll | Resource: win10v2004-20240611-en
behavioral11 | Sample: MaterialDesignColors.dll | Resource: win7-20240611-en
behavioral12 | Sample: MaterialDesignColors.dll | Resource: win10v2004-20240508-en
behavioral13 | Sample: MaterialDesignThemes.Wpf.dll | Resource: win7-20231129-en
behavioral14 | Sample: MaterialDesignThemes.Wpf.dll | Resource: win10v2004-20240611-en
behavioral15 | Sample: Microsoft.Xaml.Behaviors.dll | Resource: win7-20240611-en
behavioral16 | Sample: Microsoft.Xaml.Behaviors.dll | Resource: win10v2004-20240226-en
behavioral17 | Sample: Ookii.Dialogs.Wpf.dll | Resource: win7-20240611-en
behavioral18 | Sample: Ookii.Dialogs.Wpf.dll | Resource: win10v2004-20240611-en
General
Target: BLTools v2.9.1[PRO].exe
Size: 3.2MB
MD5: 025d637741b1b326ded2e99e6b54ed77
SHA1: 5fb6a288559f54aeb42203cf5e44a072c74f942f
SHA256: d68b3cdca20f0b871a653a3203e4292846e766b45fb989856a2de0fb9e0c4860
SHA512: 720f4f03febbe7fdd661c14349680f6511a69487b0bdf5cd47ab4594b1fad49edeb0bde8e287272d84e21efc916ba91ca71bfa2632eba76e379e07815163d26b
SSDEEP: 98304:M7+TEjqbFZN2l9OqOj/VCB1CRSHgmYrrwCY:pTeqbzN69OqOjmURSAmY
Malware Config
Signatures
Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
Processes:
BLTools v2.9.1[PRO].exe
pid | process
1696 | BLTools v2.9.1[PRO].exe
1696 | BLTools v2.9.1[PRO].exe
Processes
Network
MITRE ATT&CK Matrix
Downloads