Overview

overview

10

Static

static

new order.exe

windows7-x64

10

new order.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new order.z

  • Size

    965KB

  • Sample

    220804-vldr3ahbc2

  • MD5

    72ad8b62a111672697e7c9fb525da955

  • SHA1

    8ad958a09335d32b1f9a7862a6bb5eff21732df5

  • SHA256

    117dd61549c79fdebe4421043a9d4809d65b9b92724f09813953e22cca7bb6be

  • SHA512

    9b5be94a83cbde5955f9915e942997d661a60af7c0682c360699f418c85f638020e1355b261e74746a95beb14e0f37d191fd87179c67fdea93609ecea6bac8cf

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5330579892:AAHDIOXrD-d-pMU_JI4pPczBI962-9fokRs/sendMessage?chat_id=1494890429

Targets

    • Target

      new order.exe

    • Size

      1.1MB

    • MD5

      2d475dbdfd7a378689d984a04677e641

    • SHA1

      1a673fb62bb6e29fb3d9ef0d40e480cbad541879

    • SHA256

      579c3138028884421849a6d210996f27da317f22d228a98d9bd0704786090498

    • SHA512

      cf9e9014fc5b462ef5d2326c452d922b3c3b3f1317eed74b4620345fe8eeef15779abdf239d87a8c5dcb2e124c3d4214a0be8a06d43be3108e348091a7706fc5

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks