General

  • Target

    f8de1a039dd5cd1daf706bfb62b5b5e4c132dc5669127f7e9a5e437d40b84029

  • Size

    1.2MB

  • Sample

    221013-b6dg9aafb3

  • MD5

    9be98fb47edee3acab8a1471b98f374b

  • SHA1

    7eb34021fdd67e32aca3a7098ed37c310eecab44

  • SHA256

    f8de1a039dd5cd1daf706bfb62b5b5e4c132dc5669127f7e9a5e437d40b84029

  • SHA512

    9d151921898104a7e5923ba65033d2e1f8a682b9a787818126b17c7ae06e8fdaa6c63c3d4c84a1a407e55fac76e458487093fe32cd8e27455e742b77af082077

  • SSDEEP

    12288:WraodRoXbwufcugFmDbQNXcsc42enVkcqIYnMJ7mDgQsuThiTt4kGEPak:bX8siiscscH2vb8kmDgQ/62s

Malware Config

Extracted

  • Family

    blustealer

  • C2

    https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks