General

  • Target

    8198537176.zip

  • Size

    845KB

  • Sample

    221024-sgf1hshdaj

  • MD5

    4c5dda4790f3ede26d4cd2864a945823

  • SHA1

    1addad4904b19f0e19e1242d07ff2376ec27aeac

  • SHA256

    11056e183ec9ae4bad6f5c180fc37460d504e13776d7214b2a8b60fad449bfeb

  • SHA512

    47821b5685844ffbc5b2accb4248650cc48ea2b4e545f9e9b508d46c8d1a2993e2bf40c2c0b65d6fd5766e547cb726d2703204a0178679c2e330dea8317531e1

  • SSDEEP

    24576:NjCM87ts+XH3oMPAO59ssrdDh3eVbPcRNfZ4oETg1:Nz8xNXH3oMP3KsZt3CMxHETU

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      781a83f3ac8bb7d765db4ad32fcd1e07e585c533f300ddc847ea93d420c6d64c

    • Size

      1.1MB

    • MD5

      6518419b9de76da716fb64120d84efb2

    • SHA1

      36c349c1d03b67c799d8b96bc76d9fea40f25e1f

    • SHA256

      781a83f3ac8bb7d765db4ad32fcd1e07e585c533f300ddc847ea93d420c6d64c

    • SHA512

      4da469d1051e44453c1575c76178dbff421a47e48694a35d1b15179307121333ffc45b5ec79a98eb70c3a7479224df9edf0eff50d0f2264c8c6f31df6b47b620

    • SSDEEP

      24576:D1o9IkBL4tXTL5g7tFUBde4x9jBbke0fFkd7:D2IDLKBWO899bke0qd

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks