General

  • Target

    8162426317.zip

  • Size

    884KB

  • Sample

    221013-h79qeabbal

  • MD5

    350f169f57efff5e6047b692a25533d7

  • SHA1

    a6a3395fdeae5df42a033d1e72b89e0f1ff7c8d9

  • SHA256

    4db869ae406def37b298c9cbf31e944865c6e0770432ba43ad72e8ade0c4b39a

  • SHA512

    37271033ca74573dbb5f0cebaa58aea7876f3e2e63e1578232983b7b7e83aaa4f1b99d9487ac52e96c790d00ba8540231aa962ba8cb3ad9454989d087d2bb1bc

  • SSDEEP

    24576:DBZjnp4OYkdMgV8JT3jymm672Mrtxg1KUEhw1y27KjAWZzL4hC:DBZrpeQHa3uq20zmOhsKzL4Y

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      RFQ 10102022.exe

    • Size

      1.2MB

    • MD5

      9b9068806d229820ef4977c37b9ece31

    • SHA1

      d482d3e05dadf33a8cfc41ed3d33b700c9c5afe3

    • SHA256

      13537e7d58eb6312b80c2abd796be6569ec2d99a41c20913629db6c1d5c12e0b

    • SHA512

      c94c874d9f7cae44be88e3b4ea2121cd8475d039f886b93b963c231d14b2012b52943b3f4aa229773ff8b747111ad0943f3846bfe05b47a2d551bc3cfc12490e

    • SSDEEP

      24576:h11jcQRG1e/zhH2b7Kc41/r8bAVx8+c8j7P36vg7dR:h1OQSgzhRc41/gqBc8j7eg7d

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks