General

  • Target

    Doc10028.exe

  • Size

    2.4MB

  • Sample

    220816-q8n44acgg2

  • MD5

    2bd43ab6044247edd65f2d29f3540be7

  • SHA1

    892e34e6cabdeea13258d7e7e7e098a6820afbe2

  • SHA256

    2506cbaa56d9893a48a39a5d991f34da06122deb55efb3979a7629684d24ce78

  • SHA512

    3da26f98e66a15cdea0f223134eef790fe6ef6d8a602e5e6e169b347c056a660f7eb18e1adc85c5d269ae148b3722b179ce1cd00edf1b90b8ed989d723485dd3

  • SSDEEP

    49152:ASpt6A7Uxqy3DuxRRDBwiRih9BSUO2+54DnS06eTadHnvf:R6A7U8yTuxRIrrOh8SfX

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    lotexh.shop
  • Port:
    587
  • Username:
    jahfunds@lotexh.shop
  • Password:
    AmWcR;&S@thk
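The hashes above and the extracted SMTP exfiltration account are the actionable indicators in this report. The following Python script is an added example, not part of the sandbox report or of the BluStealer sample, that turns them into two checks: it recomputes the listed digests (ssdeep is left out because it needs the separate ssdeep library) for an arbitrary file or byte string and compares them to the report's values, and it scans key=value log lines for DNS lookups of, connections to, or SMTP authentication against lotexh.shop. The log format, the log lines, the hostnames and the 10.0.0.0/8 and 203.0.113.0/24 addresses in them are constructed for this example and say nothing about where the real host resolves.

```python
import hashlib
import re

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "2bd43ab6044247edd65f2d29f3540be7",
    "sha1": "892e34e6cabdeea13258d7e7e7e098a6820afbe2",
    "sha256": "2506cbaa56d9893a48a39a5d991f34da06122deb55efb3979a7629684d24ce78",
    "sha512": "3da26f98e66a15cdea0f223134eef790fe6ef6d8a602e5e6e169b347c056a660f7eb18e1adc85c5d269ae148b3722b179ce1cd00edf1b90b8ed989d723485dd3",
}
EXFIL_HOST = "lotexh.shop"
EXFIL_PORT = 587                      # SMTP submission port from the extracted config
EXFIL_USER = "jahfunds@lotexh.shop"   # account the stealer authenticates with


def hash_bytes(data: bytes) -> dict:
    """Every digest the report lists (ssdeep excluded) over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Same digests over a file, streamed in 1 MiB chunks so a 2.4 MB PE is not slurped at once."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def matches_report(digests: dict) -> bool:
    """True only when every algorithm agrees; one mismatch means a different file."""
    return all(digests.get(name, "").lower() == value for name, value in REPORT_HASHES.items())


# Constructed key=value log format used by the example (not a real product's format).
_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    return dict(_KV.findall(line))


def hunt(lines) -> list:
    """Return (reporting host, reason) for every line that touches the exfil infrastructure."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue
        reasons = []
        if rec.get("query") == EXFIL_HOST:
            reasons.append("dns lookup of exfil host")
        if rec.get("sni") == EXFIL_HOST or rec.get("dst") == EXFIL_HOST:
            port = rec.get("dport")
            if port == str(EXFIL_PORT):
                reasons.append("smtp submission to exfil host")
            else:
                reasons.append(f"connection to exfil host on port {port}")
        if rec.get("smtp_user") == EXFIL_USER:
            reasons.append("authentication as exfil account")
        hits.extend((rec.get("host", "?"), r) for r in reasons)
    return hits


# Constructed sample log: one DNS resolver line, two egress lines, one mail-gateway line.
CONSTRUCTED_LOG = """\
2022-08-16T14:01:02Z host=WS-17 proto=dns query=lotexh.shop rcode=NOERROR
2022-08-16T14:01:03Z host=WS-17 proto=tcp src=10.0.5.23 dst=203.0.113.10 dport=587 sni=lotexh.shop
2022-08-16T14:01:04Z host=MAILGW proto=smtp client=10.0.5.23 smtp_user=jahfunds@lotexh.shop result=relay-denied
2022-08-16T14:01:09Z host=WS-04 proto=tcp src=10.0.5.41 dst=198.51.100.7 dport=443 sni=www.example.com
""".splitlines()


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print("sample match:", matches_report(hash_file(sys.argv[1])))
    for host, reason in hunt(CONSTRUCTED_LOG):
        print(f"{host}: {reason}")
```

Run it with a file path to compare that file against the report; without one it only hunts the constructed log. The hunt keys on the hostname and account because those are what the report gives; once you have resolved lotexh.shop in your own environment, add the resulting addresses as a `dst` pivot, since a second stage may reuse the same server under another name.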

Targets

    • Target

      Doc10028.exe


    • BluStealer

      A modular information stealer written in Visual Basic; this sample exfiltrates over SMTP using the credentials extracted above.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext (commonly used for process hollowing: redirecting the entry point of a suspended child process after writing a payload into it)
