General
- Target: Bltools 2.9.1 [PRO23].exe
- Size: 14.0MB
- Sample: 250226-25n6gaxms9
- MD5: 59fa48be8a4b93d5b6264b3f30a42c57
- SHA1: 35af02f02568cf21d954a79972a3e1b9a88c14c1
- SHA256: 0a602136ae066c54d87a8d275fab10d34df115b49a3ea580b8c825a6c637a669
- SHA512: 4ae4485a3daae4cfb703b46ef76b1f9979bdef8e9b21d7d8527a5dd73d88e34c36ec7d08230469cd98981a15ad72104d98acd5ed64ca906282770b141d406065
- SSDEEP: 393216:jehC8odGNhEge3fk76ni3DuAOTFbXkO/14:yhC9QOp06izuHTFb0O94
Static task: static1
Behavioral task: behavioral1
- Sample: Bltools 2.9.1 [PRO23].exe
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: Bltools 2.9.1 [PRO23].exe
- Resource: win10v2004-20250217-en
Malware Config
Targets
- Target: Bltools 2.9.1 [PRO23].exe
Score: 10/10
- Detects Monster Stealer.
- Monster family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
- Hide Artifacts: Hidden Files and Directories
- Suspicious use of NtSetInformationThreadHideFromDebugger