General

  • Target

    SecuriteInfo.com.MSIL.GenKryptik.FZUN.tr.23962.24121

  • Size

    1.4MB

  • Sample

    221023-jzdhnshchn

  • MD5

    8d654f7f3951c4493f602eaeec06a66d

  • SHA1

    b2dbbc4d06d197325efa9c780a881e5dc5055c8e

  • SHA256

    23b5a7169d8ab03c941f751625eabe427cc22aa4e39253af3fb7e4fc8e35a207

  • SHA512

    73a16f93ca5e6e521e6863df0eb361e37b2701a9178908235c6088c63f662384e315f0c31727552feb10f6739056cce9aa20d13cb6f68655a4404b0e78da785e

  • SSDEEP

    24576:NkU0xyXgeNY7E12oi4cWAlGmEFr0ulZlh6alRsn/ju1LNajXYo3aOtY:fXgeNYM3NVAAb0slh/sUBajD3

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5755930650:AAElY45_nxTVkERZWnAInWKh0Sygx_xge0E/sendMessage?chat_id=1293496579
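The C2 above is a Telegram Bot API endpoint: the URL path carries the bot token (`bot<bot_id>:<secret>`) and the query string carries the destination chat. The following Python is an added example, not code from this report or from BluStealer: it splits such a URL into indicator fields (bot id, full token, API method, chat id) and then runs that parser over a few constructed proxy-log lines to flag every Bot API call and mark those that use the token extracted from this sample. The log line format and the host addresses are assumptions for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Telegram Bot API URL shape: https://api.telegram.org/bot<bot_id>:<secret>/<method>?...
TELEGRAM_BOT_URL = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)"
)

# C2 taken from the report's extracted config
REPORT_C2 = (
    "https://api.telegram.org/bot5755930650:AAElY45_nxTVkERZWnAInWKh0Sygx_xge0E"
    "/sendMessage?chat_id=1293496579"
)


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into indicator fields.

    Returns None when the URL is not a Bot API call (plain telegram.org traffic
    or any other host).
    """
    m = TELEGRAM_BOT_URL.match(url)
    if not m:
        return None
    query = parse_qs(urlsplit(url).query)
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": query.get("chat_id", [None])[0],
    }


def telegram_bot_hits(log_lines, known_tokens=()):
    """Scan URL log lines and flag Telegram Bot API calls.

    Assumed (constructed) line format: '<timestamp> <src_ip> <http_method> <url>'.
    A call whose token is in known_tokens is tagged 'known_c2'; any other Bot API
    call is tagged 'telegram_bot_api' so an analyst can triage it.
    """
    hits = []
    for line in log_lines:
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # malformed line, skip rather than crash the sweep
        ts, src, _http_method, url = parts
        c2 = parse_telegram_c2(url)
        if c2 is None:
            continue
        verdict = "known_c2" if c2["token"] in known_tokens else "telegram_bot_api"
        hits.append({"ts": ts, "src": src, "verdict": verdict, **c2})
    return hits


# Constructed sample log: one hit on this sample's token, one other bot,
# and two lines that must not fire (a benign site and non-API Telegram traffic).
SAMPLE_LOG = [
    "2022-10-23T09:41:02Z 10.20.0.15 POST " + REPORT_C2,
    "2022-10-23T09:41:05Z 10.20.0.15 GET https://www.microsoft.com/",
    "2022-10-23T09:42:11Z 10.20.0.31 POST https://api.telegram.org/"
    "bot1234567890:FAKEtokenFAKEtokenFAKEtokenFAKEtoke/sendDocument?chat_id=42",
    "2022-10-23T09:43:00Z 10.20.0.31 GET https://web.telegram.org/",
]

if __name__ == "__main__":
    ioc = parse_telegram_c2(REPORT_C2)
    print("bot_id:", ioc["bot_id"], "chat_id:", ioc["chat_id"])
    for hit in telegram_bot_hits(SAMPLE_LOG, known_tokens={ioc["token"]}):
        print(hit["ts"], hit["src"], hit["verdict"], hit["bot_id"], hit["method"])
```

The token sits in the URL path, so on the wire it is inside TLS: this match only works on proxy or TLS-inspection logs, sandbox network captures, or host-level URL telemetry. At the DNS or SNI layer only api.telegram.org is visible, which is rarely blockable outright where Telegram is legitimately used. The numeric bot id is the stable part of the indicator and is what you would report to Telegram for takedown of the bot.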

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks