Overview

overview

10

Static

static

Request Fo...22.exe

windows7-x64

10

Request Fo...22.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Request For Quotation - ANOPC project2022.z

  • Size

    860KB

  • Sample

    220816-vl71xaefh2

  • MD5

    8824dbb0aaa51a5bf918bc30629eff07

  • SHA1

    009f1e07734e26d84d8200fbceedf14e3480f9c3

  • SHA256

    df7e9523bb289e17bb9836b44370655e6bb42ad2214e622cd737dcd0e4214fa9

  • SHA512

    6ebd65da0b3518110e3850428155c6c3f0d88d0bc82f48f9cf5f4ecca0bfd6615cd225233dbf9cde1769363e754d685f022b630c784ff839eafbc6eaa0272156

  • SSDEEP

    12288:zt8tiB2WXQTZiQPjKCLzvB7j/GQ9v5FMngj1i2kuIuHJ9lN2BU9h7ysG8x:zt8kBpaZiQrJPvF/dJbwaiJu7lposNx

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5330579892:AAHDIOXrD-d-pMU_JI4pPczBI962-9fokRs/sendMessage?chat_id=1494890429

Targets

    • Target

      Request For Quotation - ANOPC project2022.exe

    • Size

      1015KB

    • MD5

      08a40049879584cdeaa55fea081c0fd1

    • SHA1

      5a704eb5c43e7156f7f5b5b010fcb4137b1cc180

    • SHA256

      79814d086bdd991047d33be2ba327595390dad0cc3a1276fd730ef5b5a40aac3

    • SHA512

      f11d9f0acde7732dd10c843e7043db2b14286ca07c2ee42007c804474172194270bf9cdcd04d54f1c844c81f53e691cb1e8179efc4671cd10944a7f2d01464d6

    • SSDEEP

      24576:GtAVui3aKq4d1e0xB4GiESeElnLvYL13Lh:G2VuiKed1euBUeElLG3Lh

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks