Overview

overview

10

Static

static

RFQ#00092022.exe

windows7-x64

1

RFQ#00092022.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ#00092022.ace

  • Size

    1.1MB

  • Sample

    221005-hhdaxadef7

  • MD5

    cece5dc82c9ea3d82d4f8e3aea544a8d

  • SHA1

    2cae3f951c763b3ceb26d24dd1e2f6d4ec34caa9

  • SHA256

    d18530899d9bdaf56500f6db6c64e34313d4d9997ea7a4530c0b131efe002dbb

  • SHA512

    2aa0afa6457cc564085a97b830e79d3f75d0a64435ea646c6489e3102fd098fdc6cb560712adad23d33b3678fc4b2d1feab57e133f4e96b5c9bb7df8b7bd735c

  • SSDEEP

    24576:gsNVdxtaswv/b3vCy3JWI/uD0Gm5QFsAuva27fVEVPGJ63:gGV3+vj36y5WImD0Ta2z6GJ63

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      RFQ#00092022.exe

    • Size

      1.4MB

    • MD5

      42f4a19dc81367621d2a28f4da0f746e

    • SHA1

      18aea8f955e12adafeae521bf2aca33c400d8820

    • SHA256

      363eadd86b68060f7b436c585757a0356bbf6dc000d125612e9cd42cb3819b72

    • SHA512

      dd9da22085484537fa1d2a5b3467a6b2935cc51cd5ff5719799476f494b106485a039df427a653de05486084c354b7c0e7d6519330131b439692db5b8fa267b3

    • SSDEEP

      24576:YiFulLrYjqEz7YdaCkCCI0S2ll1subE7qxo3i:YisIjqEz7vfS2CRqe3

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks