General

  • Target

    Docu086.exe

  • Size

    832KB

  • Sample

    220728-tgsjzshbb2

  • MD5

    b93e02f5cd2641229c13cffac01315a8

  • SHA1

    0e98a61337f207d1c97aa8eae179dc528d1a75f5

  • SHA256

    42f31614f84336fe90a93d59c656e7c564f07497957e2876d5ea0ddb22a96d25

  • SHA512

    55de646be0b5fa8651be05a525091a29f657ad8560b5e1dbbeed0570b5b3f4da8acaabf78e29cfb05162bae758f4de6d84c804e54376a0be01ffe4d33dff4a56

Score
10/10

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    6%s@300%27118

Targets

    • Target

      Docu086.exe

    • Size

      832KB

    • MD5

      b93e02f5cd2641229c13cffac01315a8

    • SHA1

      0e98a61337f207d1c97aa8eae179dc528d1a75f5

    • SHA256

      42f31614f84336fe90a93d59c656e7c564f07497957e2876d5ea0ddb22a96d25

    • SHA512

      55de646be0b5fa8651be05a525091a29f657ad8560b5e1dbbeed0570b5b3f4da8acaabf78e29cfb05162bae758f4de6d84c804e54376a0be01ffe4d33dff4a56

    Score
    10/10
    • BluStealer

      A modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
