General

  • Target

    lLMcduOpiIm7FFc7v53h5NhiauY1-6ZPbt8k4bg_5yQ.bin

  • Size

    1.1MB

  • Sample

    220803-rnjvbadabm

  • MD5

    1dae99466ebd8bb0dcd10a0dad664310

  • SHA1

    5407aa0bed4dfb96dbb97fca018900bb9e60d40c

  • SHA256

    94b31c76e3a98889bb14573bbf9de1e4d8626ae635ffa64f6edf24e1b83ee724

  • SHA512

    3f99b018dbff4dd960471f203d9b0e60796cf5f8e3c1f7f188f637383fa85e1913bfeac6dc41d99ea63d2bd13b4f286d88a0b324a98d17f70d6273122da9850c

Score
10/10

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
