Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

BLTools 2.9.1 Pro.rar

windows7-x64

3

BLTools 2.9.1 Pro.rar

windows10-2004-x64

3

BLTools 2.9.1 Pro.exe

windows7-x64

8

BLTools 2.9.1 Pro.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BLTools 2.9.1 Pro.rar

  • Size

    11.3MB

  • Sample

    240720-ab3cfsxbkq

  • MD5

    61f16f75859721ad978380be1897f028

  • SHA1

    b94c13a9950b674f0028bd75caa63839f3541d33

  • SHA256

    cb11f3b1500e002c78c3f74397adf898e96d001d853faa552106f1ddf02b90fc

  • SHA512

    ace39332ffbf8348f4d826351654a86c711917acd8c00b5da4f689051e12053019a2a86d0b4f2d09fc4947ee6cea1f947835cfd43ea8f5ccff62cbeb7a107673

  • SSDEEP

    196608:k3LJkrz6F0SWpYAbCt8E9Xbx8CBA2lWJa6pTgv5e36Yt//:iJCz6PWhbk9Xbx8CBAIWXpV

Score
8/10
executionthemida

Malware Config

Targets

    • Target

      BLTools 2.9.1 Pro.rar

    • Size

      11.3MB

    • MD5

      61f16f75859721ad978380be1897f028

    • SHA1

      b94c13a9950b674f0028bd75caa63839f3541d33

    • SHA256

      cb11f3b1500e002c78c3f74397adf898e96d001d853faa552106f1ddf02b90fc

    • SHA512

      ace39332ffbf8348f4d826351654a86c711917acd8c00b5da4f689051e12053019a2a86d0b4f2d09fc4947ee6cea1f947835cfd43ea8f5ccff62cbeb7a107673

    • SSDEEP

      196608:k3LJkrz6F0SWpYAbCt8E9Xbx8CBA2lWJa6pTgv5e36Yt//:iJCz6PWhbk9Xbx8CBAIWXpV

    Score
    3/10
    behavioral1behavioral2

    • Target

      BLTools 2.9.1 Pro.exe

    • Size

      6.4MB

    • MD5

      d3b80d2e6480771f7e418d35fdee5ef3

    • SHA1

      7d9f1c09aebbf199d913b911073c99792b315f26

    • SHA256

      b1906ad0d515c2e29b7bf0cc47ea25cf0c63c6be5f828f5b73943f5e6915063e

    • SHA512

      01e1bcddcd0efefcf31a65809be5d8ccb679870829cf08a4c8b4aa8db298b9b002ff8971b13321c9eb64b6a41dd70d5ca13e5a886395a2883013f939736dd91a

    • SSDEEP

      196608:chJoo8pE2SNowmev8lJKjieK7adi6tC2w5hz:SeHSWe0lJP7wH5it

    Score
    8/10
    execution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks