General

  • Target

    doc2022001001001.pdf.exe

  • Size

    1.2MB

  • Sample

    220803-q8dy5abgf2

  • MD5

    39b7ffa8957fe5a6ca72cca183a67d42

  • SHA1

    41b478d0dbf80cf8a6fffc1b14230c193ae124e5

  • SHA256

    3879b7d1e92d9b91e94c83e35421b6b64c1e529e28335962c1da8626b0a29d83

  • SHA512

    43ebc7daf28ebf5ebc8016533e26b13d1e185610690badcf613af20f6e3ff66d7c0adc71dec714c50c06359182f421f3cf05983af2252c5fdd8375c1fa2631e2

Score
10/10

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5420760971:AAH01qjNE4a_MymOsvjAcXOxeYA3Wd9XCkE/sendMessage?chat_id=1856108848

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks