General

  • Target

    1aed61600eed11497865d3f150177aed

  • Size

    1.9MB

  • Sample

    220927-y1b4kaede2

  • MD5

    1aed61600eed11497865d3f150177aed

  • SHA1

    fd1a569eafbe1bf854553df061188f575842ef61

  • SHA256

    9012008489104071ccbb3ba77891c6f6a6a30225001ae0c28b556eebe036788f

  • SHA512

    f9b7601ee959245abf8b6e299d3c133c8f54eed237b659732b39edebbc8a1dfd644bc95490ecf38d5912ff9431abcb48eaf2fb13091bbcae865168734f6a6f29

  • SSDEEP

    24576:CvebtEPgDnkUpGRYUKFkdRNgcfiQmq6wk8I5cvup5yu9PYyYDvdviOLV1+:CvebCPKY8DwiQmqlIF981xV1+

Malware Config

Extracted

  • Family

    blustealer

  • C2

    https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg/sendMessage?chat_id=1293496579

Targets

    • Target

      INVOICE INV-20220000002008 EUR.pdf.exe

    • Size

      1.8MB

    • MD5

      b248b43bd8be6232f8e77cfc52858c00

    • SHA1

      0c4e8493f3adcf8524526053d23d418cd1ca3497

    • SHA256

      2ada6d9b9dee67c44eddfe99c9a558828165c090ff0fd8583195110b4415b480

    • SHA512

      ae2665fa0497d5002a2cd0fbca0b82b22a7c670557d6e2798e5608300b6a4bde7265e0a968aab709454f562c40166a7c65110c5aafb0326ac857ef7a12ad6fc7

    • SSDEEP

      24576:GAOcZDiI8Yj7+zblMSqZo6AIna1HA3kdfzFvJLhGmEcJasRPGQFV0aBTjWFqwAzF:sSiI7qOSqWIna63kd9NEcNtGQFV9jWM

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks