General
-
Target
BLTools v2.9 PRO.zip
-
Size
18.5MB
-
Sample
241025-2ttxksxbrm
-
MD5
45e6429f381b62b11905b99c2e98650f
-
SHA1
618203f2d8d289c8e26558c689af3e1ba1399aae
-
SHA256
94b1aee4ca3f71653b2a7dd14c67384416acb7b7b3bbcdc6b62abbf47fc1394f
-
SHA512
16d40f67a4a393bc3b28b24ed0cfe724078e6195f0d53067f110196afb2e94d2e7575d9691fb10a03c128859cab08a3ddea99c9aedaa7ad1e7dc94415917b6ea
-
SSDEEP
393216:qEoH4YmHiHtbVeq999/fKuZ46I2apE4OrkzSYimlTvKYQva4Fo4Ig5WC7a:vXiNhPLfJI2Hfk+wTvhFgkC7a
Malware Config
Targets
-
-
Target
BLTools v2.9 PRO/AlphaFS.dll
-
Size
359KB
-
MD5
f2f6f6798d306d6d7df4267434b5c5f9
-
SHA1
23be62c4f33fc89563defa20e43453b7cdfc9d28
-
SHA256
837f2ceab6bbd9bc4bf076f1cb90b3158191888c3055dd2b78a1e23f1c3aafdd
-
SHA512
1f0c52e1d6e27382599c91ebd5e58df387c6f759d755533e36688b402417101c0eb1d6812e523d23048e0d03548fd0985a3fd7f96c66625c6299b1537c872211
-
SSDEEP
6144:QDyJst+jyCnzLp9hvHsPvPvPvS2JQvlojidPp:QDyJsvCnzZf4U1d
Score1/10 -
-
-
Target
BLTools v2.9 PRO/BLTools v2.9 PRO.exe
-
Size
3.2MB
-
MD5
8c949c1a3189fc8845f22295ee72a150
-
SHA1
1df3585b887e077251008c68f233f128c08b0b74
-
SHA256
53b6b47c5dbfbb8ea17990309e9549acc44d8b5d4b1c9e76ec754653f5d31870
-
SHA512
b27d485b3cd4633edb245659c581458f20b67859f4e7d02205a68824d41dd216882989a807c01d5468e3f99beb78850fa7aeb217f7b8ac8ad30f3a652fc24066
-
SSDEEP
98304:Q8LdJUraeZZi032nwpT0LtehhSlwz5i6/GroQ:QwU+eXii2wpILtehhSluiWG
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
BLTools v2.9 PRO/BLTools.exe
-
Size
5.9MB
-
MD5
dfa8706c22679f73c12350c5ceef4be9
-
SHA1
786ebcc382749363d5bfe56dd3d9165b44abb2f3
-
SHA256
8c746b0086c9c1bd72a487ffa55bd896a949d89ae2f91a7aa7c6d5d6124b2510
-
SHA512
2654da238f67253ae96b6ade05e1d97d9debd6e0759daae23964809533d4d9c382b360202b3cd70caec97735034a54ee5a7ad7573eeb969e3185794cdf268a7d
-
SSDEEP
98304:1k05ee4lCP5rHvCQyYddIwF1OXvKqKQcj/zNktidLSChybf1sxPUeNh:H5e1QOdwF1OXvK1j/JkkLSwybSc
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
BLTools v2.9 PRO/CookiesCreator.exe
-
Size
7.4MB
-
MD5
8a7d8331bc19b52df1526c417d6383ba
-
SHA1
6fefd8f132afe1dc3f2561e95d6a01f9ade0f758
-
SHA256
9ed9cd27c0fa9db840589e42d402e2fe7da3d65fb6d12770dc773dfda7a40139
-
SHA512
afb2eef04d33bab1dbdbd8ead3ee2a8f5a681a1bb534c28ee9675aa0d77298491101620a9b50f8fecf48c306542c55320fd51922becdf67abc40106281cd984e
-
SSDEEP
196608:EutPurErvI9pWjgaAnajMsK23fQC//OoLxhf:3tPurEUWjJjYoo4jLxhf
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
BLTools v2.9 PRO/Extreme.Net.dll
-
Size
121KB
-
MD5
f79f0e3a0361cac000e2d3553753cd68
-
SHA1
4314bcef76fddc9379a8f3a266b37d685d0adb79
-
SHA256
8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd
-
SHA512
c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355
-
SSDEEP
3072:bdoECIgjBibgp2tBqL0Y++ruXqMG4ih3lbpMqc:bdoECIgUrG
Score1/10 -
-
-
Target
BLTools v2.9 PRO/License.dll
-
Size
5B
-
MD5
b08a5c34cf0a06615da2ca89010d8b4f
-
SHA1
626a77d86d9d12d1772f788cf67c8e77fd9f797a
-
SHA256
04cc5b3b49a7e9e9b6c66c7be59a20992bf2653746b5d43829c383fb233f88fa
-
SHA512
5dce742cd0f649461b08f8f8018e0fa39ef19e813a74a91f434a15754a4fa8be83096e8fa49cf1828ac011220b7ad3724e7e4ea9cce7937a3168169d8e561b2c
Score1/10 -
-
-
Target
BLTools v2.9 PRO/MaterialDesignColors.dll
-
Size
295KB
-
MD5
5c108c4da6d03f0fa2c3b4dc7890cb52
-
SHA1
48af67b6166068b6f138306bbd1157c7583c6e73
-
SHA256
b5ec30c93b1d2b4631ee2b178750ec92e302e2e331090ec9783981b9572354f8
-
SHA512
48d055610eead361809bd839c66ccdca1d5e0d9dffe15af9d15afa106ee7791c8b17acb91f2aba5cf3dda2997b049bcf70b43c3b56b8b01f1fc7bb845ce6c91b
-
SSDEEP
1536:wr1In+fq1fDfDemxD0EsXpGX0EOAcTtU7fKoVxbzQcV:G1WB1PerAjOAj7fKoVxb1V
Score1/10 -
-
-
Target
BLTools v2.9 PRO/MaterialDesignThemes.Wpf.dll
-
Size
9.1MB
-
MD5
824cbf63999f954aa1747f79586a4d3c
-
SHA1
5f1cd6346a45024bbbe09e304c12b6f6bf227d5c
-
SHA256
344e2cee979e979932f504dc76bd75e97ae1ff46caa3fe2795adfe0a866347f7
-
SHA512
d36149f7cb5ffc62dac6bb4521105d09fac988de567e181fdca4f23e5079aca5f4292e1d314f797f1a597263ddac0210060cb71c111565717e3a288a47770c51
-
SSDEEP
98304:PW8EOPXJDntBksKY+ND3WyA4+TLVei10vMzPv8/4C8B5XVS49Xzy83IiEcJMrCRM:PW8lnJ45/9iD54+V11bFv4z
Score1/10 -
-
-
Target
BLTools v2.9 PRO/Microsoft.Xaml.Behaviors.dll
-
Size
142KB
-
MD5
95f46f34c099421d917d5feadbb33edb
-
SHA1
3d1cb9cf59000012734901a35baeb3d9c1dd5db3
-
SHA256
8e77a1dd5e2df4d4af801376cc3428b082eb49fcb6e647b933967fae12ad9d5d
-
SHA512
c9c9f72980316c68ad2a8dbe2c6c563c0deddfc9e845674d0e2f5313a0ae285d60a755e2ca04164f78b37a36521259307b3eb7d43f5ec9a9de5507bda7e4c1b8
-
SSDEEP
3072:lN+EM1X0WlL9JAn11M1dXcGkOsizI35rCj8SIP:v+ll79in1h6
Score1/10 -
-
-
Target
BLTools v2.9 PRO/Ookii.Dialogs.Wpf.dll
-
Size
103KB
-
MD5
932ebb3f9e7113071c6a17818342b7cc
-
SHA1
9ce2d08bc3840632092325abcc8d842eeb8189d4
-
SHA256
285aa8225732ddbcf211b1158bd6cff8bf3acbeeab69617f4be85862b7105ab5
-
SHA512
6b6086cff7b916c0c4536e3c7cba4ba17d6c4be2e4a88a5877be852e197f1f9c9c120d1295acf2b4277a9badd8cfd229ef3c1ab2049d0aeec22d3033be156141
-
SSDEEP
1536:qgoPBGuyAy52V+gtTLq6ZUc68h8O0SB/XBboIawHUPV5bKLh8sm6b0gl:qgwBGu2IV+ghd68WOxXBbx+5of
Score1/10 -
-
-
Target
BLTools v2.9 PRO/Projects/Gumroad Balance.proj
-
Size
32KB
-
MD5
5073345eb322689c16fe5cbd06895b22
-
SHA1
6d99acdeceb107839b958a9e118a7b4f145abd9c
-
SHA256
6169fc607bfb3157f1044363e357f9e41840aed0594ed95343dd5c8ce951944c
-
SHA512
3ad34046fca07b41a2ee537d4d1bb73e50d276ba7664c1fd1064bbe5612eb2294c2febb510bbff75500026d4adaa733bc7b1d0164a53abcdfd98022fb609773f
-
SSDEEP
768:FI7pGhyMIG8LOYuGscMo0RBCIg4SQh3VNE9hvrMUpC1bfFAeIC/mFj2Cvz51hyNj:FI7pq8aRa9hL0oTtyHp61d4ay
Score3/10 -
-
-
Target
BLTools v2.9 PRO/Projects/zelenka.guru.proj
-
Size
670B
-
MD5
c075e0f5f82b03d01f7fdeb9dde4a97b
-
SHA1
19551d00f39c333a5b46fc8a055730986e21002d
-
SHA256
dd6b0dfa2773c3380e15837eecbe5f880b3674f86596824a860a211a7f624c1d
-
SHA512
014423e6a12e7314118445784dca68ad54efb66ad7b3a64dc81059134da2a06785ac6c8b2c4f929bb023de37773a321d46cf596504a27e05ed46afe8d9bde77c
Score3/10 -
-
-
Target
BLTools v2.9 PRO/Projects/👁 itsnotZELENKA.GURU 👁.proj
-
Size
670B
-
MD5
c075e0f5f82b03d01f7fdeb9dde4a97b
-
SHA1
19551d00f39c333a5b46fc8a055730986e21002d
-
SHA256
dd6b0dfa2773c3380e15837eecbe5f880b3674f86596824a860a211a7f624c1d
-
SHA512
014423e6a12e7314118445784dca68ad54efb66ad7b3a64dc81059134da2a06785ac6c8b2c4f929bb023de37773a321d46cf596504a27e05ed46afe8d9bde77c
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3