General

  • Target

    RFQ 10102022.exe

  • Size

    1.2MB

  • Sample

    221018-h94beaehf8

  • MD5

    9b9068806d229820ef4977c37b9ece31

  • SHA1

    d482d3e05dadf33a8cfc41ed3d33b700c9c5afe3

  • SHA256

    13537e7d58eb6312b80c2abd796be6569ec2d99a41c20913629db6c1d5c12e0b

  • SHA512

    c94c874d9f7cae44be88e3b4ea2121cd8475d039f886b93b963c231d14b2012b52943b3f4aa229773ff8b747111ad0943f3846bfe05b47a2d551bc3cfc12490e

  • SSDEEP

    24576:h11jcQRG1e/zhH2b7Kc41/r8bAVx8+c8j7P36vg7dR:h1OQSgzhRc41/gqBc8j7eg7d

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      RFQ 10102022.exe

    • Size

      1.2MB

    • MD5

      9b9068806d229820ef4977c37b9ece31

    • SHA1

      d482d3e05dadf33a8cfc41ed3d33b700c9c5afe3

    • SHA256

      13537e7d58eb6312b80c2abd796be6569ec2d99a41c20913629db6c1d5c12e0b

    • SHA512

      c94c874d9f7cae44be88e3b4ea2121cd8475d039f886b93b963c231d14b2012b52943b3f4aa229773ff8b747111ad0943f3846bfe05b47a2d551bc3cfc12490e

    • SSDEEP

      24576:h11jcQRG1e/zhH2b7Kc41/r8bAVx8+c8j7P36vg7dR:h1OQSgzhRc41/gqBc8j7eg7d

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks