General
-
Target
SecuriteInfo.com.MSIL.GenKryptik.FZUN.tr.23962.24121
-
Size
1.4MB
-
Sample
221023-jzdhnshchn
-
MD5
8d654f7f3951c4493f602eaeec06a66d
-
SHA1
b2dbbc4d06d197325efa9c780a881e5dc5055c8e
-
SHA256
23b5a7169d8ab03c941f751625eabe427cc22aa4e39253af3fb7e4fc8e35a207
-
SHA512
73a16f93ca5e6e521e6863df0eb361e37b2701a9178908235c6088c63f662384e315f0c31727552feb10f6739056cce9aa20d13cb6f68655a4404b0e78da785e
-
SSDEEP
24576:NkU0xyXgeNY7E12oi4cWAlGmEFr0ulZlh6alRsn/ju1LNajXYo3aOtY:fXgeNYM3NVAAb0slh/sUBajD3
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.MSIL.GenKryptik.FZUN.tr.23962.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.MSIL.GenKryptik.FZUN.tr.23962.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5755930650:AAElY45_nxTVkERZWnAInWKh0Sygx_xge0E/sendMessage?chat_id=1293496579
Targets
-
-
Target
SecuriteInfo.com.MSIL.GenKryptik.FZUN.tr.23962.24121
-
Size
1.4MB
-
MD5
8d654f7f3951c4493f602eaeec06a66d
-
SHA1
b2dbbc4d06d197325efa9c780a881e5dc5055c8e
-
SHA256
23b5a7169d8ab03c941f751625eabe427cc22aa4e39253af3fb7e4fc8e35a207
-
SHA512
73a16f93ca5e6e521e6863df0eb361e37b2701a9178908235c6088c63f662384e315f0c31727552feb10f6739056cce9aa20d13cb6f68655a4404b0e78da785e
-
SSDEEP
24576:NkU0xyXgeNY7E12oi4cWAlGmEFr0ulZlh6alRsn/ju1LNajXYo3aOtY:fXgeNYM3NVAAb0slh/sUBajD3
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-