General
-
Target
PROFORMA.EXE.exe
-
Size
1.3MB
-
Sample
221018-ta2t3sgfem
-
MD5
fc5ab0fbd99f07685a8dc7701627f214
-
SHA1
e80e5a3d1450748736f035a7ee7856a4aacfeed9
-
SHA256
797ed9f4cabf70bcf98dbc50235bfacd785ca91a747febc965c92465a3d53283
-
SHA512
9f02188f31952a888f52c498d5ef23b1f35098e37d56cf65c26be5f91d2acf48315c8f5fa378bb5e7045e6a68e63812762beeca5736aba2099fb2a9983704e90
-
SSDEEP
24576:2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNussjTkuAHGe:VAm0THYewFdj
Static task
static1
Behavioral task
behavioral1
Sample
PROFORMA.EXE.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
PROFORMA.EXE.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg/sendMessage?chat_id=1293496579
Targets
-
-
Target
PROFORMA.EXE.exe
-
Size
1.3MB
-
MD5
fc5ab0fbd99f07685a8dc7701627f214
-
SHA1
e80e5a3d1450748736f035a7ee7856a4aacfeed9
-
SHA256
797ed9f4cabf70bcf98dbc50235bfacd785ca91a747febc965c92465a3d53283
-
SHA512
9f02188f31952a888f52c498d5ef23b1f35098e37d56cf65c26be5f91d2acf48315c8f5fa378bb5e7045e6a68e63812762beeca5736aba2099fb2a9983704e90
-
SSDEEP
24576:2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNussjTkuAHGe:VAm0THYewFdj
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-