General

  • Target

    Purchase Order.exe

  • Size

    1012KB

  • Sample

    221030-qjx1pscbd6

  • MD5

    7488038af7f8186a5f38f337b2a97a27

  • SHA1

    1ed765da594deb249734c196d2d5ddb45eb888cb

  • SHA256

    72b53805a4f865668bae4e6623be68b8c47e672910f5ebbbe42cbd6605ad35e1

  • SHA512

    fd361d4355c6e419ccfa3ec882612495e21e6f61aa77666132f9749827940e5c7cc5949afc8b2f32ca30b81d8863056d2e8743bf6fc37e760fba6c0e447f9c43

  • SSDEEP

    24576:C1oN67sWLUxMdLLBGpriRrl4Jiz69s2i/hd4pWgOj1zZnO:CkFxMdPqGRaJK/kpWgE

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325
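
The extracted C2 is a Telegram Bot API endpoint: the path carries the operator's bot token (numeric bot id, a colon, then a 35-character secret) and the query string names the receiving chat. Pulling those fields out of strings dumps or proxy logs is the practical pivot here, since the token identifies the operator's bot across samples and the chat_id identifies the receiving account. The following is an added example for this report, not part of the sandbox output or of the malware: it finds Telegram Bot API URLs in arbitrary text, records bot id, token, method and chat_id, and renders a defanged version suitable for sharing. Only the sendMessage URL is taken from the report; the surrounding sample lines (the VB runtime name, the sendDocument variant) are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Telegram Bot API calls look like https://api.telegram.org/bot<bot_id>:<secret>/<method>?...
# bot_id is the numeric bot account id; secret is 35 characters from [A-Za-z0-9_-].
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot"
    r"(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})"
    r"/(?P<method>[A-Za-z]+)"
    r"(?:\?(?P<query>[^\s\"'<>]*))?"
)


def extract_telegram_c2(text):
    """Return one IOC record per distinct Telegram Bot API URL found in text."""
    seen = set()
    records = []
    for m in TELEGRAM_BOT_RE.finditer(text):
        url = m.group(0)
        if url in seen:          # strings output often repeats the same URL
            continue
        seen.add(url)
        params = parse_qs(m.group("query") or "")
        records.append({
            "bot_id": m.group("bot_id"),
            "token": f"{m.group('bot_id')}:{m.group('secret')}",
            "method": m.group("method"),
            "chat_id": params.get("chat_id", [None])[0],
            "url": url,
        })
    return records


def defang(record):
    """Render a record safe to paste into a report: host defanged, secret truncated."""
    secret = record["token"].split(":", 1)[1]
    masked = secret[:4] + "*" * (len(secret) - 4)
    return (
        f"hxxps://api[.]telegram[.]org/bot{record['bot_id']}:{masked}"
        f"/{record['method']} chat_id={record['chat_id']}"
    )


# Constructed sample resembling `strings` output from the payload. Only the
# sendMessage URL comes from the report; every other line is made up here.
SAMPLE_STRINGS = """\
MSVBVM60.DLL
SetThreadContext
https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325
Outlook\\Profiles
https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325
https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendDocument?chat_id=1251788325
"""

if __name__ == "__main__":
    for rec in extract_telegram_c2(SAMPLE_STRINGS):
        print(defang(rec))
```

Two records come back for the constructed input (the duplicate sendMessage line is collapsed), both tied to the same bot token and chat_id. Do not call the token against api.telegram.org from an analysis host; blocking or alerting on the bot id in egress logs is enough, and the token itself should stay out of shared reports, which is what defang() enforces.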

Targets

    • Target

      Purchase Order.exe

    • BluStealer

      A modular information stealer written in Visual Basic; this sample reports to its operator through the Telegram Bot API endpoint listed under Malware Config.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks