General

  • Target

    640d26a67eb1438c3ea2371e196976e13454290aac77cf66692f3bb82d7c0b33.exe

  • Size

    509KB

  • Sample

    221019-3j3x6sdba9

  • MD5

    c7ece13890b374467b4857ce1afaf2e6

  • SHA1

    e27145f0208a85564052b66d83ef7223154f22d6

  • SHA256

    640d26a67eb1438c3ea2371e196976e13454290aac77cf66692f3bb82d7c0b33

  • SHA512

    46adbb990077c0dbb76c2c2282ce3ad5d36134c38d10195dd74ddacc4cd4103e4857920de0542d043c188dbacb3900f37bafe3a091745e089cb07d1017c36379

  • SSDEEP

    12288:yGZPq/wha6qc239Cf6mu57HFapiR9eJg+Fq085opbVq6:yGVL06j239m6R5782yF58qpb

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks