General

  • Target

    Details & Invoices.exe

  • Size

    1.1MB

  • Sample

    221025-psbndscgan

  • MD5

    6518419b9de76da716fb64120d84efb2

  • SHA1

    36c349c1d03b67c799d8b96bc76d9fea40f25e1f

  • SHA256

    781a83f3ac8bb7d765db4ad32fcd1e07e585c533f300ddc847ea93d420c6d64c

  • SHA512

    4da469d1051e44453c1575c76178dbff421a47e48694a35d1b15179307121333ffc45b5ec79a98eb70c3a7479224df9edf0eff50d0f2264c8c6f31df6b47b620

  • SSDEEP

    24576:D1o9IkBL4tXTL5g7tFUBde4x9jBbke0fFkd7:D2IDLKBWO899bke0qd

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      Details & Invoices.exe

    • Size

      1.1MB

    • MD5

      6518419b9de76da716fb64120d84efb2

    • SHA1

      36c349c1d03b67c799d8b96bc76d9fea40f25e1f

    • SHA256

      781a83f3ac8bb7d765db4ad32fcd1e07e585c533f300ddc847ea93d420c6d64c

    • SHA512

      4da469d1051e44453c1575c76178dbff421a47e48694a35d1b15179307121333ffc45b5ec79a98eb70c3a7479224df9edf0eff50d0f2264c8c6f31df6b47b620

    • SSDEEP

      24576:D1o9IkBL4tXTL5g7tFUBde4x9jBbke0fFkd7:D2IDLKBWO899bke0qd

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks