General

  • Target

    PROFORMA.EXE.exe

  • Size

    1.3MB

  • Sample

    221018-ta2t3sgfem

  • MD5

    fc5ab0fbd99f07685a8dc7701627f214

  • SHA1

    e80e5a3d1450748736f035a7ee7856a4aacfeed9

  • SHA256

    797ed9f4cabf70bcf98dbc50235bfacd785ca91a747febc965c92465a3d53283

  • SHA512

    9f02188f31952a888f52c498d5ef23b1f35098e37d56cf65c26be5f91d2acf48315c8f5fa378bb5e7045e6a68e63812762beeca5736aba2099fb2a9983704e90

  • SSDEEP

    24576:2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNussjTkuAHGe:VAm0THYewFdj

Malware Config

Extracted

Family

blustealer

C2 (Telegram Bot API endpoint used for exfiltration)

https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg/sendMessage?chat_id=1293496579
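The two actionable indicators on this page are the file hashes and the Telegram Bot API URL used as C2. The script below is an added example, not part of the sandbox report: it hashes a file against the sample's digests and scans web-proxy log lines for Bot API calls of the form the extracted C2 shows (api.telegram.org/bot<bot_id>:<secret>/<method>?chat_id=...), pulling out bot_id, chat_id and API method as IOCs without re-emitting the bot secret. The proxy log format and every log line except the page's own C2 URL are constructed for the demonstration.

```python
"""IOC triage for the BluStealer sample on this page (added example, not report code)."""
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Digests taken from the report above.
SAMPLE_HASHES = {
    "md5": "fc5ab0fbd99f07685a8dc7701627f214",
    "sha1": "e80e5a3d1450748736f035a7ee7856a4aacfeed9",
    "sha256": "797ed9f4cabf70bcf98dbc50235bfacd785ca91a747febc965c92465a3d53283",
    "sha512": "9f02188f31952a888f52c498d5ef23b1f35098e37d56cf65c26be5f91d2acf48315c8f5fa378bb5e7045e6a68e63812762beeca5736aba2099fb2a9983704e90",
}


def hash_bytes(data: bytes) -> dict:
    """Return the MD5/SHA-1/SHA-256/SHA-512 hex digests of `data`."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the sample's (for a real match all four agree)."""
    digests = hash_bytes(data)
    return any(digests[alg] == SAMPLE_HASHES[alg] for alg in SAMPLE_HASHES)


# Telegram Bot API URL shape: https://api.telegram.org/bot<numeric bot id>:<35-char secret>/<method>
BOT_URL_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)"
)
# Methods that push data out of the victim environment; getMe/getUpdates are bot housekeeping.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}

# Constructed proxy log: "<timestamp> <src ip> <http verb> <url> <status>".
# Only the bot URL on lines 2-4 is real (it is the C2 extracted above).
SAMPLE_PROXY_LOG = """\
2022-10-18T14:02:11Z 10.0.0.15 GET https://www.microsoft.com/en-us/ 200
2022-10-18T14:02:19Z 10.0.0.15 POST https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg/sendMessage?chat_id=1293496579 200
2022-10-18T14:02:20Z 10.0.0.15 POST https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg/sendDocument?chat_id=1293496579 200
2022-10-18T14:03:02Z 10.0.0.22 GET https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg/getMe 200
2022-10-18T14:05:40Z 10.0.0.31 GET https://telegram.org/ 200
"""


def find_telegram_bot_api(log_text: str) -> list:
    """Return one finding per proxy log line that calls the Telegram Bot API.

    The bot secret is deliberately not copied into the finding; bot_id and
    chat_id are enough to pivot on and are safe to share as IOCs.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line; skip rather than crash
        ts, src, verb, url = parts[:4]
        m = BOT_URL_RE.match(url)
        if not m:
            continue
        query = parse_qs(urlsplit(url).query)
        findings.append({
            "line": lineno,
            "time": ts,
            "src": src,
            "http_method": verb,
            "bot_id": m.group("bot_id"),
            "api_method": m.group("method"),
            "chat_id": query.get("chat_id", [None])[0],
            "exfil": m.group("method") in EXFIL_METHODS,
        })
    return findings


if __name__ == "__main__":
    for f in find_telegram_bot_api(SAMPLE_PROXY_LOG):
        flag = "EXFIL" if f["exfil"] else "bot-api"
        print(f"{flag:8} line={f['line']} src={f['src']} bot_id={f['bot_id']} "
              f"chat_id={f['chat_id']} method={f['api_method']}")
```

Bot API traffic from a user workstation is almost always automation rather than a person chatting, so the match alone is high signal; if the environment legitimately runs Telegram bots, allowlist them by bot_id rather than by host, since the host is shared with every malicious bot as well.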

Targets

    • Target

      PROFORMA.EXE.exe

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Accesses Microsoft Outlook profiles

      Reads stored Outlook profile data, consistent with mail-credential theft.

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context is a common step in process hollowing and other injection, where a suspended thread is redirected to injected code.

MITRE ATT&CK Enterprise v6

Tasks