General

  • Target

    T98765434567898.exe

  • Size

    1.2MB

  • Sample

    211012-pf2daacccq

  • MD5

    abb26d1600dda55b1004b39d569178a8

  • SHA1

    8e6cba40d4ddd9d6ff6b781f79febbb47e58855b

  • SHA256

    1d0e997a1e0cca7446644a5082da18ea191862c85a3e222b0296bdb158c2a387

  • SHA512

    8d560a240bba2f915ff5a7b05bd061cbc68c8ce2268ee8b6815834f00452232e4f63da89e8d9b565dec45f0e9df232931676caae8ac6242995d14ad1222eb3e4

Score
10/10

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot1838876767:AAEiDKTcT_A4WBwpMo9nnrtBP7OvsmEUnNU/sendMessage?chat_id=1300181783

Targets

    • Target

      T98765434567898.exe

    • Size

      1.2MB

    • MD5

      abb26d1600dda55b1004b39d569178a8

    • SHA1

      8e6cba40d4ddd9d6ff6b781f79febbb47e58855b

    • SHA256

      1d0e997a1e0cca7446644a5082da18ea191862c85a3e222b0296bdb158c2a387

    • SHA512

      8d560a240bba2f915ff5a7b05bd061cbc68c8ce2268ee8b6815834f00452232e4f63da89e8d9b565dec45f0e9df232931676caae8ac6242995d14ad1222eb3e4

    Score
    10/10
    • BluStealer

      A modular information stealer written in Visual Basic.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks