Resubmissions

26-10-2021 17:29

211026-v2vqhsaac9 10

26-10-2021 17:18

211026-vvfm1saab6 6

General

  • Target

    E7pPa8kXU2X9H8nyCZseBfpdf.bin

  • Size

    668KB

  • Sample

    211026-v2vqhsaac9

  • MD5

    e168c49cc388f05d310f780f70661c47

  • SHA1

    1837a8448300159ba08992c39386354b676674e4

  • SHA256

    c1fe976f336cf05401da21ffab8632a0511bbf8743c2e3ff4220c3e9bbf56dbb

  • SHA512

    e4dee911649ef54eb23060846570dcd8371f3e6c05fddfcbf9bb1b5966864a795a7bc36bc6d06bdf8e077f79e763c6a324d8a19666cfb87cd23ce0ff71c4ccc7

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    budgetn.shop
  • Port:
    587
  • Username:
    hulu@budgetn.shop
  • Password:
    s)Z4bO(8nKHT

Targets

    • Target

      E7pPa8kXU2X9H8nyCZseBfpdf.bin

    • Size

      668KB

    • MD5

      e168c49cc388f05d310f780f70661c47

    • SHA1

      1837a8448300159ba08992c39386354b676674e4

    • SHA256

      c1fe976f336cf05401da21ffab8632a0511bbf8743c2e3ff4220c3e9bbf56dbb

    • SHA512

      e4dee911649ef54eb23060846570dcd8371f3e6c05fddfcbf9bb1b5966864a795a7bc36bc6d06bdf8e077f79e763c6a324d8a19666cfb87cd23ce0ff71c4ccc7

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Tasks