blustealer | f4b8876d0421a1d904d6bba62ed2ea0e966b33527e19a87603ffc5e76dd98450 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

6

Sharing

General

Target

f4b8876d0421a1d904d6bba62ed2ea0e966b33527e19a87603ffc5e76dd98450
Size

440KB
Sample

220817-gs97ysbdhn
MD5

41d43bd130d961af9030daaec5e1d4a1
SHA1

bf3b957d6b9048e2a627aa49f3f6676c575fd1c0
SHA256

f4b8876d0421a1d904d6bba62ed2ea0e966b33527e19a87603ffc5e76dd98450
SHA512

bee98d39a9a25cbddb702e12d5ee2deb28bf0e160c5b3bc65015ccde5cfa73e08c7fdc661b880a51dc6e0051f6d5b3b4bfed020c4ee534834425e05c1a7aecc5
SSDEEP

12288:PWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB:oxgsRftD0C2nKG

Score

10^/10

blustealer collection

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f4b8876d0421a1d904d6bba62ed2ea0e966b33527e19a87603ffc5e76dd98450.exe

Resource

win10-20220812-en

windows10-1703-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5535376508:AAGIkj1WObA9laUkCoGdCF3fvIC_BvhvWso/sendMessage?chat_id=5379877658

Targets

- Target
  
  f4b8876d0421a1d904d6bba62ed2ea0e966b33527e19a87603ffc5e76dd98450
- Size
  
  440KB
- MD5
  
  41d43bd130d961af9030daaec5e1d4a1
- SHA1
  
  bf3b957d6b9048e2a627aa49f3f6676c575fd1c0
- SHA256
  
  f4b8876d0421a1d904d6bba62ed2ea0e966b33527e19a87603ffc5e76dd98450
- SHA512
  
  bee98d39a9a25cbddb702e12d5ee2deb28bf0e160c5b3bc65015ccde5cfa73e08c7fdc661b880a51dc6e0051f6d5b3b4bfed020c4ee534834425e05c1a7aecc5
- SSDEEP
  
  12288:PWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB:oxgsRftD0C2nKG
Score

6^/10

collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy