General

  • Target

    Dekont.PDF.exe

  • Size

    1.3MB

  • Sample

    221018-jm4t4afaa7

  • MD5

    8feabe088c948dc8f387c098e6840ed4

  • SHA1

    52522a7e7bae6061fc3b32ec3a25af902f164af8

  • SHA256

    8908acf28585acbad787f5b1fc7b53b99ca8fb7d03ef05cdb6cd436102fd82cc

  • SHA512

    593af500334afd603b4ab82d315362123000a078772a5f1f5dd5eb29aae39606eb87ef96cb9915bb243365c851de54646ffd81eff666b4277144184c008bef01

  • SSDEEP

    24576:br3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNussBq5fr+:0qhrk1QmY9OrXS76Fdj

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg/sendMessage?chat_id=1293496579

Targets

    • Target

      Dekont.PDF.exe

    • Size

      1.3MB

    • MD5

      8feabe088c948dc8f387c098e6840ed4

    • SHA1

      52522a7e7bae6061fc3b32ec3a25af902f164af8

    • SHA256

      8908acf28585acbad787f5b1fc7b53b99ca8fb7d03ef05cdb6cd436102fd82cc

    • SHA512

      593af500334afd603b4ab82d315362123000a078772a5f1f5dd5eb29aae39606eb87ef96cb9915bb243365c851de54646ffd81eff666b4277144184c008bef01

    • SSDEEP

      24576:br3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNussBq5fr+:0qhrk1QmY9OrXS76Fdj

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the stealer only runs (or refuses to run) in particular countries.

    • Accesses Microsoft Outlook profiles

      Outlook profile data in the registry holds the configured mail accounts and their saved settings, a standard credential source for information stealers.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state. Outside of debuggers this is a common step in process hollowing and similar injection techniques, which is why the sandbox flags it.
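
As an added example (not part of this report and not BluStealer's own code), the Python below turns the indicators above into something a responder can run: it compares a blob's MD5/SHA-1/SHA-256/SHA-512 against the values in the report, and it pulls Telegram Bot API endpoints out of `strings` output or proxy logs, splitting each into bot ID, token, API method and `chat_id` so the extracted C2 can be matched and tracked. Only the hashes and the C2 URL come from the report; the `strings` fragment and the proxy log lines in the block are constructed for illustration.

```python
"""Match the report's file hashes and Telegram Bot API C2 against local data.

Added example; the hashes and C2 URL are copied from the report, everything
else (sample strings, log lines) is constructed for illustration.
"""
import hashlib
import re
from urllib.parse import parse_qs, urlparse

# Indicators copied verbatim from the report.
REPORT_HASHES = {
    "md5": "8feabe088c948dc8f387c098e6840ed4",
    "sha1": "52522a7e7bae6061fc3b32ec3a25af902f164af8",
    "sha256": "8908acf28585acbad787f5b1fc7b53b99ca8fb7d03ef05cdb6cd436102fd82cc",
    "sha512": "593af500334afd603b4ab82d315362123000a078772a5f1f5dd5eb29aae39606"
              "eb87ef96cb9915bb243365c851de54646ffd81eff666b4277144184c008bef01",
}
REPORT_BOT_ID = "5310184325"
REPORT_CHAT_ID = "1293496579"

# A Telegram bot token is "<numeric bot id>:<secret>"; the Bot API is called
# as https://api.telegram.org/bot<token>/<method>?<query>.
TELEGRAM_BOT_URL = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)"
    r"/(?P<method>[A-Za-z]+)(?P<query>\?[^\s\"'<>]*)?"
)


def hash_bytes(data: bytes) -> dict:
    """Hex digests for the four algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes) -> set:
    """Names of the report hashes that `data` matches (empty = not this sample)."""
    digests = hash_bytes(data)
    return {algo for algo, value in REPORT_HASHES.items() if digests[algo] == value}


def extract_telegram_c2(text: str) -> list:
    """Return every Telegram Bot API endpoint found in `text`, decomposed."""
    hits = []
    for m in TELEGRAM_BOT_URL.finditer(text):
        query = parse_qs(urlparse(m.group(0)).query)
        hits.append({
            "bot_id": m.group("bot_id"),
            "token": f"{m.group('bot_id')}:{m.group('secret')}",
            "method": m.group("method"),
            "chat_id": query.get("chat_id", [None])[0],
            "url": m.group(0),
        })
    return hits


def scan_proxy_log(lines) -> list:
    """Flag proxy log lines that call the Telegram Bot API.

    api.telegram.org also carries legitimate bot traffic, so each hit is
    enriched with bot_id/chat_id and a flag saying whether it is the
    report's C2, rather than treated as a verdict by itself.
    """
    findings = []
    for line in lines:
        for hit in extract_telegram_c2(line):
            hit["known_c2"] = (hit["bot_id"] == REPORT_BOT_ID
                               and hit["chat_id"] == REPORT_CHAT_ID)
            hit["line"] = line
            findings.append(hit)
    return findings


# Constructed inputs (not from the report): a fragment of `strings` output
# and three proxy log lines, one of which carries the report's C2 URL.
SAMPLE_STRINGS = (
    "Dekont.PDF.exe\n"
    "https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg"
    "/sendMessage?chat_id=1293496579\n"
    "Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\n"
)
SAMPLE_PROXY_LOG = [
    "2022-10-18T09:12:01Z 10.0.0.5 GET https://www.example.com/ 200",
    "2022-10-18T09:12:07Z 10.0.0.5 POST https://api.telegram.org/bot5310184325:"
    "AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg/sendMessage?chat_id=1293496579 200",
    "2022-10-18T09:12:09Z 10.0.0.7 GET https://web.telegram.org/ 200",
]

if __name__ == "__main__":
    for hit in extract_telegram_c2(SAMPLE_STRINGS):
        print("bot", hit["bot_id"], "chat", hit["chat_id"], "via", hit["method"])
    for finding in scan_proxy_log(SAMPLE_PROXY_LOG):
        label = "known C2" if finding["known_c2"] else "telegram bot traffic"
        print(label, finding["line"])
    print("hash match:", matches_report(b"not the sample") or "none")
```

The token in the URL is the operator's bot credential; the numeric bot ID and the `chat_id` are the parts worth pivoting on across samples, since the secret can be rotated while the bot and the receiving chat usually stay the same. Because api.telegram.org also serves legitimate bots, the scanner labels traffic instead of deciding on hostname alone, and the token should not be exercised against the Bot API from a network you care about.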

MITRE ATT&CK Enterprise v6

Tasks