General

  • Target

    ffdbb34a0ac78d04de45eb0bff5f15a3

  • Size

    1.2MB

  • Sample

    221018-xyq92adfck

  • MD5

    ffdbb34a0ac78d04de45eb0bff5f15a3

  • SHA1

    4325462805e746134fe9ada22992e970927fd76c

  • SHA256

    1b49edb66975cc308188fcf58a350d27a645e8ad754aff84541b8a82736bd005

  • SHA512

    994215b895e40d2ee0ca703e379cf1d647a004f6dcd7bb59c24a36c1dff68cd98788b16bc4d978ce0d7c6effd51306133d272bfba8a3069bc4d9e6c45d73bfa1

  • SSDEEP

    24576:zyw0jNxVrJkrN5YKo3OIjtuguWuW0blgLdFOPRU5yfIiqqcu2:zyxNPrKoD9T+jfTj8

Malware Config

Extracted

  • Family

    blustealer

  • C2

    https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg/sendMessage?chat_id=1293496579

    The sample exfiltrates over the Telegram Bot API: the bot token embedded in the URL path is the operator's credential, and the chat_id is the destination chat. Outbound requests from endpoints to api.telegram.org/bot<token>/sendMessage are the network indicator to hunt for.
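The following is an added example, not part of the sandbox report: it parses the extracted Telegram Bot API C2 into its bot id, token and chat_id, and runs a small hunt over proxy log lines. The log format (`<timestamp> <src_ip> <verb> <url> <status>`) and the sample lines are constructed for the example; only the C2 URL is from the page.

```python
"""Parse a Telegram Bot API C2 and flag matching traffic in proxy logs (added example)."""
import re
from urllib.parse import parse_qs, urlsplit

# C2 taken from the extracted config above.
C2_URL = ("https://api.telegram.org/bot5310184325:AAFI3fSQ6VcGu_NSTmv7d-qK2WCVhYY_qfg"
          "/sendMessage?chat_id=1293496579")

# Bot API URL shape: https://api.telegram.org/bot<bot_id>:<secret>/<method>?...
TELEGRAM_BOT_API_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)"
)
# Bot API methods a stealer uses to push collected data to the operator's chat.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def parse_telegram_c2(url):
    """Split a Bot API URL into bot id, full token, method and chat_id.

    Returns None for anything that is not a Telegram Bot API URL.
    """
    m = TELEGRAM_BOT_API_RE.match(url)
    if not m:
        return None
    query = parse_qs(urlsplit(url).query)
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": query.get("chat_id", [None])[0],
    }


def scan_proxy_log(lines, known_c2):
    """Flag Bot API traffic in constructed '<ts> <src_ip> <verb> <url> <status>' proxy lines.

    verdict 'known_c2': same bot token or chat_id as the extracted config
    verdict 'bot_api' : any other Bot API call that pushes data out
                        (worth review; may also be legitimate automation)
    """
    ref = parse_telegram_c2(known_c2)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than crash the hunt
        ts, src, _verb, url, _status = parts[:5]
        parsed = parse_telegram_c2(url)
        if parsed is None:
            continue
        same_token = parsed["token"] == ref["token"]
        same_chat = parsed["chat_id"] is not None and parsed["chat_id"] == ref["chat_id"]
        if same_token or same_chat:
            verdict = "known_c2"
        elif parsed["method"] in EXFIL_METHODS:
            verdict = "bot_api"
        else:
            continue  # e.g. getMe / getUpdates: not an outbound data push
        hits.append({"ts": ts, "src": src, "verdict": verdict,
                     "bot_id": parsed["bot_id"], "chat_id": parsed["chat_id"]})
    return hits


# Constructed sample log lines (not from the sandbox run).
SAMPLE_LOG = [
    "2022-10-18T09:12:03Z 10.0.0.5 CONNECT https://login.microsoftonline.com/ 200",
    "2022-10-18T09:12:40Z 10.0.0.5 POST " + C2_URL + " 200",
    "2022-10-18T09:13:02Z 10.0.0.9 POST https://api.telegram.org/bot111111111:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendDocument?chat_id=42 200",
    "2022-10-18T09:13:30Z 10.0.0.9 GET https://api.telegram.org/bot111111111:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/getMe 200",
    "2022-10-18T09:14:00Z 10.0.0.7 GET https://web.telegram.org/k/ 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG, C2_URL):
        print(hit)
```

Matching on the token or chat_id catches the same operator even if a later build rotates the bot; matching on any `send*` call to the Bot API is a broader hunt that will also surface legitimate Telegram automation, so treat `bot_api` hits as leads rather than verdicts.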

Targets

    • Target

      Dekont.PDF.exe

    • Size

      1.3MB

    • MD5

      dd351940dad3168f60d1b3d7cd10347b

    • SHA1

      9cf4ff25559de1a6cbaeac06123abf04c2ec12b0

    • SHA256

      33f6177e2d98b8b7a93daed5f05883a111f706ed3bcba925c9740c4feac6111e

    • SHA512

      1cd9340b1ca9e5c460f69cda5410daa0a8791505b0367a0794b7f2f8fcd2a822d13574c0313fd1997525208a3af2a4e3a9a391d006e2576de13bd3792a78c8fa

    • SSDEEP

      24576:hExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNusswO7Sayb:ualphF78zLyc/YFdj

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in particular locales).

    • Accesses Microsoft Outlook profiles

      Reads stored Outlook profile data, a common source of saved mail account credentials.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is the classic way to redirect execution into injected code (process hollowing / injection).

MITRE ATT&CK Enterprise v6

Tasks