General

  • Target

    Specification.exe

  • Size

    1.4MB

  • Sample

    221013-cg761aafd6

  • MD5

    75c4f755670d62947bf2dabb7857165c

  • SHA1

    a86c8680456b8e12ea0e6f5c29622191064b9c6a

  • SHA256

    36c9af5b5712f266baac8963ca365fa3d3b40f8ef1cbfdd4784612d4685d3cc5

  • SHA512

    3f8dbedfb5f29810ef9be65f479afecd18c8d62d5a930dd099f3224425adc29b6f601a88ea3d6f3f81ec37b72788495665a2c6375378da688d33fb44a4160022

  • SSDEEP

    24576:44oTw9wQsp66R9MFPALm68hFYQdAIzQkkZbL0NOzfiUMmdB:l9KpDRsAiTDZcZAefiUMm

Malware Config

Extracted

Family

blustealer

C2 (exfiltration over the Telegram Bot API; the bot token and destination chat_id are embedded in the URL)

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      Specification.exe

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles (profile data that stealers read to harvest stored mail-account settings and credentials)

    • Suspicious use of SetThreadContext (a common step in process hollowing and thread-hijacking code injection)
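The following is an added triage helper, not code from the report or from the BluStealer family itself. It takes the extracted Telegram C2 URL and the file hashes listed above and turns them into checks a responder can run: it splits the Bot API URL into bot id, full token, API method and chat_id; matches proxy or web log lines against that indicator (exact token at high confidence, any other Bot API call from the same host at a lower tier); and compares a file's digests against the report's hashes. The log lines, host name and IP address in it are constructed for illustration and are not from the report.

```python
"""Triage helpers built from the indicators in this BluStealer report (added example)."""
import hashlib
import re
from urllib.parse import parse_qs, urlparse

# C2 URL exactly as extracted from the sample's configuration (from the report above).
C2_URL = ("https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M"
          "/sendMessage?chat_id=5422342474")

# File digests of Specification.exe as listed in the report's General section.
SAMPLE_HASHES = {
    "md5": "75c4f755670d62947bf2dabb7857165c",
    "sha1": "a86c8680456b8e12ea0e6f5c29622191064b9c6a",
    "sha256": "36c9af5b5712f266baac8963ca365fa3d3b40f8ef1cbfdd4784612d4685d3cc5",
    "sha512": "3f8dbedfb5f29810ef9be65f479afecd18c8d62d5a930dd099f3224425adc29b"
              "6f601a88ea3d6f3f81ec37b72788495665a2c6375378da688d33fb44a4160022",
}

# Telegram Bot API path: /bot<numeric id>:<secret>/<method>
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")
_ANY_BOT_CALL = re.compile(r"/bot\d+:[A-Za-z0-9_-]+/")


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into its components, or return None if it is not one."""
    u = urlparse(url)
    if u.scheme != "https" or u.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(u.path)
    if not m:
        return None
    query = parse_qs(u.query)
    return {
        "bot_id": m["bot_id"],
        "bot_token": f"{m['bot_id']}:{m['secret']}",   # the token is a credential; handle as such
        "method": m["method"],
        "chat_id": query.get("chat_id", [None])[0],
    }


def match_log_lines(lines, c2):
    """Return (line_number, reason) for every log line that hits the Telegram C2 indicator.

    The exact bot token from the config is a high-confidence match. Any other Bot API
    call is reported too, because a workstation normally has no reason to talk to
    api.telegram.org and stealers rotate tokens between builds.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        if "api.telegram.org" not in line:
            continue
        if c2["bot_token"] in line:
            hits.append((n, "bot token from BluStealer config"))
        elif _ANY_BOT_CALL.search(line):
            hits.append((n, "other Telegram Bot API call"))
    return hits


def file_hashes(data):
    """Compute the same four digests the report lists, for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def is_known_sample(data):
    """True only when every listed digest matches the report's Specification.exe."""
    digests = file_hashes(data)
    return all(digests[alg] == SAMPLE_HASHES[alg] for alg in SAMPLE_HASHES)


# Constructed proxy log lines for demonstration (host, IP and second bot are invented).
SAMPLE_LOG = [
    "2022-10-13T10:02:11Z WS-042 10.0.5.17 GET " + C2_URL + " 200",
    "2022-10-13T10:02:40Z WS-042 10.0.5.17 POST https://api.telegram.org/"
    "bot1234567890:EXAMPLE_TOKEN_NOT_REAL/sendDocument 200",
    "2022-10-13T10:03:05Z WS-042 10.0.5.17 GET https://www.microsoft.com/ 200",
]

if __name__ == "__main__":
    c2 = parse_telegram_c2(C2_URL)
    print("bot id:", c2["bot_id"], "method:", c2["method"], "chat_id:", c2["chat_id"])
    for n, reason in match_log_lines(SAMPLE_LOG, c2):
        print(f"line {n}: {reason}")
    print("matches report sample:", is_known_sample(b"not the real sample"))
```

Matching on the full token rather than on the host alone keeps the detection specific to this build; the lower-tier rule catches rebuilt samples with a fresh token at the cost of needing a manual look at any legitimate Telegram bot traffic in the environment.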
