Resubmissions

15/09/2022, 17:59    220915-wkw3padgb3    3

15/09/2022, 17:56    220915-wh3gpadga8    3

22/07/2022, 19:25    220722-x4ylashdfl    10

22/07/2022, 17:20    220722-vwqvdaggfl    10

General

  • Target: ae446abadd3c46a971632492379c78be-sample.zip

  • Size: 6KB

  • Sample: 220722-vwqvdaggfl

  • MD5: a3cd13bd49a17001e64b7645a535f6b5

  • SHA1: cdaf753795b9c4f6fa0969e976c1bb11ad3d7f9a

  • SHA256: af7b23bd61e2a87ccdbcfcb062e8da2723f1a72640623406a1dc81c6b2667f81

  • SHA512: 3578a834c460e716dd30718ab29d2f9fbe617d60943e5a287d5474d92f60fa6a78783e666078f31b6e1d82581efdb89defa42da01350525b6802867e3eacedd0

Malware Config

Extracted

Family: blustealer

C2: https://api.telegram.org/bot5432809476:AAHtE5EDW3VQZZBLnEbEZpHEIJz5LbF0no/sendMessage?chat_id=5571556378

Targets

    • Target: ORDER3763873.exe

    • Size: 13KB

    • MD5: fcf1a0e7b406505e0aaa094393d45d72

    • SHA1: cde2a1b3ef89f2b4c7a2048fa2d959e02c29008e

    • SHA256: 352dd25fbf999c5e12526187390be9af7019db7c165f2e9e76fe7d1cd4bece3b

    • SHA512: 5db78c6c157174cac8f010e8cf00d412a10703dd543ad224c7d81cb9b65b0a03891be95615dc57165761d433a673f316495e825e7a615d57b08b846fb3e52304

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Downloads MZ/PE file

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks