General
Target: 4944-144-0x0000000000400000-0x000000000046E000-memory.dmp
Size: 440KB
Sample: 221023-j19bqshdak
MD5: e7eae587c7ef6d1b8feed44afc7fc535
SHA1: 9e9bba3e73dee1c9f4f8b03db70f4f198791d665
SHA256: 61f75f21b8539add2cb489f6135557b3539df84b8d79025f208ec44d3be4493b
SHA512: 8a691f23a4f84bca5480994116d77774f0a55de160a301c67af2208c881ab1c71ac43278842bf2a84d8a355b441b3d30546c80425b7666ee9841a4f975bc38b8
SSDEEP: 12288:mWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB:lxgsRftD0C2nKG
Behavioral task: behavioral1
Sample: 4944-144-0x0000000000400000-0x000000000046E000-memory.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 4944-144-0x0000000000400000-0x000000000046E000-memory.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5755930650:AAElY45_nxTVkERZWnAInWKh0Sygx_xge0E/sendMessage?chat_id=1293496579
Targets
Target: 4944-144-0x0000000000400000-0x000000000046E000-memory.dmp
Score: 6/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext