General

  • Target

    Dekont.PDF.exe

  • Size

    1.3MB

  • Sample

    221018-ndpq2afef4

  • MD5

    dd351940dad3168f60d1b3d7cd10347b

  • SHA1

    9cf4ff25559de1a6cbaeac06123abf04c2ec12b0

  • SHA256

    33f6177e2d98b8b7a93daed5f05883a111f706ed3bcba925c9740c4feac6111e

  • SHA512

    1cd9340b1ca9e5c460f69cda5410daa0a8791505b0367a0794b7f2f8fcd2a822d13574c0313fd1997525208a3af2a4e3a9a391d006e2576de13bd3792a78c8fa

  • SSDEEP

    24576:hExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNusswO7Sayb:ualphF78zLyc/YFdj

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg/sendMessage?chat_id=1293496579

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks