General

  • Target

    DHL_Y_DO.EXE.exe

  • Size

    1.0MB

  • Sample

    221020-s5xceacbe4

  • MD5

    e15f0572398fc74b2b421e8587180571

  • SHA1

    8e62593eafc506f657cead19df4a97c29177faf2

  • SHA256

    3a1a57f4172c2c2b58c164dd690b3d8928304dfc0455c604d061a80c7120c3c5

  • SHA512

    170bb25de8d34400f07f7b016114ac5b5416d1971c697b65c6631689b7f8c8ed573e689a502486fb7d1f4400edc19f83c0fb3fed05aee4893856ad44c6af0ba7

  • SSDEEP

    12288:cofEu5grX48OvLwUlzXmf9fw9F7I0KzlO/cZ6FeejWRbTD5x9GRnGCZn0lkO:mX45LmNwLMzlKcZ6FliJ31yXWl1

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      DHL_Y_DO.EXE.exe

    • Size

      1.0MB

    • MD5

      e15f0572398fc74b2b421e8587180571

    • SHA1

      8e62593eafc506f657cead19df4a97c29177faf2

    • SHA256

      3a1a57f4172c2c2b58c164dd690b3d8928304dfc0455c604d061a80c7120c3c5

    • SHA512

      170bb25de8d34400f07f7b016114ac5b5416d1971c697b65c6631689b7f8c8ed573e689a502486fb7d1f4400edc19f83c0fb3fed05aee4893856ad44c6af0ba7

    • SSDEEP

      12288:cofEu5grX48OvLwUlzXmf9fw9F7I0KzlO/cZ6FeejWRbTD5x9GRnGCZn0lkO:mX45LmNwLMzlKcZ6FliJ31yXWl1

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks