General
-
Target
DHL_Y_DO.EXE.exe
-
Size
1.0MB
-
Sample
221020-s5xceacbe4
-
MD5
e15f0572398fc74b2b421e8587180571
-
SHA1
8e62593eafc506f657cead19df4a97c29177faf2
-
SHA256
3a1a57f4172c2c2b58c164dd690b3d8928304dfc0455c604d061a80c7120c3c5
-
SHA512
170bb25de8d34400f07f7b016114ac5b5416d1971c697b65c6631689b7f8c8ed573e689a502486fb7d1f4400edc19f83c0fb3fed05aee4893856ad44c6af0ba7
-
SSDEEP
12288:cofEu5grX48OvLwUlzXmf9fw9F7I0KzlO/cZ6FeejWRbTD5x9GRnGCZn0lkO:mX45LmNwLMzlKcZ6FliJ31yXWl1
Static task
static1
Behavioral task
behavioral1
Sample
DHL_Y_DO.EXE.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
DHL_Y_DO.EXE.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474
Targets
-
-
Target
DHL_Y_DO.EXE.exe
-
Size
1.0MB
-
MD5
e15f0572398fc74b2b421e8587180571
-
SHA1
8e62593eafc506f657cead19df4a97c29177faf2
-
SHA256
3a1a57f4172c2c2b58c164dd690b3d8928304dfc0455c604d061a80c7120c3c5
-
SHA512
170bb25de8d34400f07f7b016114ac5b5416d1971c697b65c6631689b7f8c8ed573e689a502486fb7d1f4400edc19f83c0fb3fed05aee4893856ad44c6af0ba7
-
SSDEEP
12288:cofEu5grX48OvLwUlzXmf9fw9F7I0KzlO/cZ6FeejWRbTD5x9GRnGCZn0lkO:mX45LmNwLMzlKcZ6FliJ31yXWl1
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-