Overview

overview

10

Static

static

bl draft s...ts.exe

windows7-x64

10

bl draft s...ts.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bl draft shipping Documents.gz

  • Size

    845KB

  • Sample

    220913-m443zabcaj

  • MD5

    541283536e77622aba4bca547b70ac1c

  • SHA1

    678f6f18a34536660a616f7635baa5f59f866484

  • SHA256

    9b2cc74fd99963d9d819651be3b84c109bf3b375a4b9f26c6ef31427d97011fb

  • SHA512

    211b88c9aed3b28d5e8cc0247b2fac8d8af13dfe1cc149ea2c11647484385c96d1ddba9f4efdf729da0803f4a760990768eb3db0e7aa0a5cebf694c0e66a8fef

  • SSDEEP

    24576:0eUHmkZhFDGTtOUuZU+VmpW5loM8l0KLvZKv1U0h:0HGkfJGT/gMpRMRK7ZKvhh

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      bl draft shipping Documents.exe

    • Size

      1.2MB

    • MD5

      9525bd775591fc765660eeb64002741f

    • SHA1

      0cb836092ba969107916c7445c790876a61912a6

    • SHA256

      cd101d3d19d5e797d9a151c9c4dd1db497f8e4ec680a7fb99a69b6af36634445

    • SHA512

      4ecea438e61f1b5decde0218ccf38146fadbda35531fe8b79ddd5cd47014d185cff8c6d94e6f4e1aaa7478d12c20b2c9d392ccbfa642be97c1b272003bb3df10

    • SSDEEP

      24576:C5nVyP/M6tQ5Cr0qwvNIQFQdS6vK2NqM4:IVA/TtQclwvNICQpvK2NqF

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks