General

  • Target

    77053cffbf81fc755f5d119b907f63456ff18706a3274bf619315baf03411087

  • Size

    187KB

  • Sample

    220620-vmze6afgan

  • MD5

    72048fbaab48b29537a9b8b6af6bd37d

  • SHA1

    fb253b22ae678164dad4de1f8f472a1338c8582a

  • SHA256

    77053cffbf81fc755f5d119b907f63456ff18706a3274bf619315baf03411087

  • SHA512

    8909e498201a610020fd59e7bfc1340da71dc0ca8a4205adaba12151dd50a0cb0e88b0b358a361ecec5d6cefa5708bc7a19dea21e5b9d857d1057fce27640601

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    mail.juhun.shop
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    (_ZH%s&u{1FF

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks