General

  • Target

    P.O12537.exe

  • Size

    1022KB

  • Sample

    220802-twcr3sggd4

  • MD5

    75dcd5e85ae9f8bcf9d95335efd83867

  • SHA1

    8501172142aaa040e8effc06cf51a4beffd40683

  • SHA256

    16f18d5c839c1c24cdceb8bbc9f3adb8300cd16d585678597d0f30beecbce942

  • SHA512

    8a9958bdbb1cd42ad811146e024862ab42927285041400997e1aa59e77f91f4fbb0080a2992aa94ad4284f7e67d1fc8bcde91bc3caaf71ae1ee0a90c1169f448

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5330579892:AAHDIOXrD-d-pMU_JI4pPczBI962-9fokRs/sendMessage?chat_id=1494890429

Targets

    • Target

      P.O12537.exe

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
