Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-08-2022 09:34

General

  • Target

    SecuriteInfo.com.W32.AIDetectNet.01.9123.exe

  • Size

    1.1MB

  • MD5

    e016090750d7ba7f0ea23beee330da11

  • SHA1

    946fce67103c7a16711d9ba61e1b2f62236693b2

  • SHA256

    8615bc30555f0ccd60466d99d1fe9e20fba142a3141ddd13f8354f564c47135a

  • SHA512

    06f2f99e27a09ced989c49b7aa2c94f12d6d8d88467da9c7acadaba03856162d80b89b35d5e3f77410f4d4e4be882e6383221e047a35a1e6bdb48f20b11ab0ee

Score
10/10

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    mail.oiliskim.com
  • Port:
    587
  • Username:
    smtp.wizzy@oiliskim.com
  • Password:
    Ifeanyi@123

Signatures

  • BluStealer

    A modular information stealer written in Visual Basic.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.9123.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.9123.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:560
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.9123.exe
      "{path}"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1672

Network

MITRE ATT&CK Matrix

Downloads

  • memory/560-54-0x0000000001180000-0x0000000001296000-memory.dmp
    Filesize: 1.1MB
  • memory/560-55-0x0000000076041000-0x0000000076043000-memory.dmp
    Filesize: 8KB
  • memory/560-56-0x0000000000380000-0x000000000038A000-memory.dmp
    Filesize: 40KB
  • memory/560-57-0x0000000005D90000-0x0000000005E6E000-memory.dmp
    Filesize: 888KB
  • memory/560-58-0x0000000005E70000-0x0000000005F12000-memory.dmp
    Filesize: 648KB
  • memory/1672-59-0x0000000000400000-0x000000000049B000-memory.dmp
    Filesize: 620KB
  • memory/1672-60-0x0000000000400000-0x000000000049B000-memory.dmp
    Filesize: 620KB
  • memory/1672-62-0x0000000000400000-0x000000000049B000-memory.dmp
    Filesize: 620KB
  • memory/1672-64-0x0000000000400000-0x000000000049B000-memory.dmp
    Filesize: 620KB
  • memory/1672-67-0x0000000000400000-0x000000000049B000-memory.dmp
    Filesize: 620KB
  • memory/1672-70-0x0000000000400000-0x000000000049B000-memory.dmp
    Filesize: 620KB
