Overview

overview

10

Static

static

quotation.exe

windows7-x64

10

quotation.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    quotation.exe

  • Size

    661KB

  • Sample

    221003-qg8z7aghbm

  • MD5

    3447635f58aa5581db95a3829b004f5b

  • SHA1

    e9275447f8fd436b726a868025f49412b5cba811

  • SHA256

    8c575aa5e93a77f506411780e84f57617a784605557c36053bc3535306509f03

  • SHA512

    7c6570674889496a206ff8c52e954ae40d948ee4ac4d20fb42f47abc48ca3d469617b9a76eadd39c9c77a9136c69d3c9df1f213cb3dbbe1c79d337bf19dee8ba

  • SSDEEP

    12288:jCfAg0DqCrZVRr7s2uUBdx5bwY8nmX5nadvQeQPR:jmzGqaZVBmUnxympnKo/PR

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      quotation.exe

    • Size

      661KB

    • MD5

      3447635f58aa5581db95a3829b004f5b

    • SHA1

      e9275447f8fd436b726a868025f49412b5cba811

    • SHA256

      8c575aa5e93a77f506411780e84f57617a784605557c36053bc3535306509f03

    • SHA512

      7c6570674889496a206ff8c52e954ae40d948ee4ac4d20fb42f47abc48ca3d469617b9a76eadd39c9c77a9136c69d3c9df1f213cb3dbbe1c79d337bf19dee8ba

    • SSDEEP

      12288:jCfAg0DqCrZVRr7s2uUBdx5bwY8nmX5nadvQeQPR:jmzGqaZVBmUnxympnKo/PR

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks