General

  • Target

    6c912191a6853ca9717c37053a4ab7014d6980e48d846a8c777e7ee056cf4a56

  • Size

    852KB

  • Sample

    221114-j99c4afg82

  • MD5

    573b0103956eb1c9f12e2a2adcc77846

  • SHA1

    50e9fd321b9b1f39b6430b01941562ba924e40c0

  • SHA256

    6c912191a6853ca9717c37053a4ab7014d6980e48d846a8c777e7ee056cf4a56

  • SHA512

    ab26ac29ae7135cd6dcc5e95e6f9af290fadad9ab9afc87af60f38615a210a1a1d908d34e8796fe18108847b02cb51c1f6eb8f886237d1b0c8838edb5f4f9ef4

  • SSDEEP

    24576:OVwhMBsRpeiKuSbWY7XM970ZNmapxyJoyLJnM:OVw+XUSqH970Zwa1S

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474
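The extracted C2 is a Telegram Bot API call: the path carries the bot token (`bot<id>:<secret>`), the method (`sendMessage`) and the destination `chat_id` as a query parameter, so the token and chat ID are the durable indicators, not the full URL. The following is an added example, not code from the page or from the BluStealer sample, that splits such a URL into those indicators and runs a simple matcher over proxy log lines. The log lines, the `EXFIL_METHODS` set and the second bot token are constructed for the demonstration; only `C2_URL` comes from the configuration above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# C2 URL exactly as extracted from the sample's configuration on this page.
C2_URL = ("https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M"
          "/sendMessage?chat_id=5422342474")

# Telegram Bot API path layout: /bot<bot_id>:<secret>/<method>
BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$")

# Methods a stealer would use to push data out. This set is an assumption for the
# example; the page only shows sendMessage.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def parse_telegram_c2(url):
    """Return bot_id, full token, API method and chat_id from a Telegram Bot API URL,
    or None if the URL is not a bot API call."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": chat_id,
    }


URL_IN_LOG = re.compile(r"https?://\S+")


def scan_proxy_log(lines, known_tokens):
    """Flag Telegram Bot API exfiltration in proxy log lines.

    Returns a list of (line_no, verdict, parsed) tuples. verdict is 'known_c2' when the
    bot token matches a known indicator and 'telegram_bot_api' for any other bot API
    call that uses an exfiltration method."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = URL_IN_LOG.search(line)
        if not m:
            continue
        c2 = parse_telegram_c2(m.group(0))
        if c2 is None or c2["method"] not in EXFIL_METHODS:
            continue
        verdict = "known_c2" if c2["token"] in known_tokens else "telegram_bot_api"
        hits.append((n, verdict, c2))
    return hits


# Constructed proxy log lines (not from the page): a hit on the extracted C2, a call
# with a different (made-up) bot token, a non-exfil bot call, and a benign request.
SAMPLE_LOG = [
    "2022-11-14T10:01:03Z 10.1.2.34 POST " + C2_URL + " 200",
    "2022-11-14T10:01:09Z 10.1.2.34 POST https://api.telegram.org/"
    "bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendDocument?chat_id=1 200",
    "2022-11-14T10:02:00Z 10.1.2.34 GET https://api.telegram.org/"
    "bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/getMe 200",
    "2022-11-14T10:02:30Z 10.1.2.34 GET https://www.example.com/ 200",
]


def demo():
    """Scan the constructed log with the page's extracted token as the known indicator."""
    known = {parse_telegram_c2(C2_URL)["token"]}
    return scan_proxy_log(SAMPLE_LOG, known)


if __name__ == "__main__":
    for n, verdict, c2 in demo():
        print(f"line {n}: {verdict} bot_id={c2['bot_id']} "
              f"method={c2['method']} chat_id={c2['chat_id']}")
```

Two caveats when turning this into a production rule. The bot token and chat ID only appear in the URL path and query, so the match needs a TLS-inspecting proxy or the sandbox's decrypted traffic; without that, all you see on the wire is a connection to api.telegram.org, which is not malicious by itself. And the `bot_id` (the digits before the colon) is stable for the life of a bot even if the operator rotates the secret, so it is the better long-term indicator of the two.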

Targets

    • Target

      6c912191a6853ca9717c37053a4ab7014d6980e48d846a8c777e7ee056cf4a56

    • Size

      852KB

    • MD5

      573b0103956eb1c9f12e2a2adcc77846

    • SHA1

      50e9fd321b9b1f39b6430b01941562ba924e40c0

    • SHA256

      6c912191a6853ca9717c37053a4ab7014d6980e48d846a8c777e7ee056cf4a56

    • SHA512

      ab26ac29ae7135cd6dcc5e95e6f9af290fadad9ab9afc87af60f38615a210a1a1d908d34e8796fe18108847b02cb51c1f6eb8f886237d1b0c8838edb5f4f9ef4

    • SSDEEP

      24576:OVwhMBsRpeiKuSbWY7XM970ZNmapxyJoyLJnM:OVw+XUSqH970Zwa1S

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles (stored mail account settings and saved credentials are a common stealer target)

    • Suspicious use of SetThreadContext (commonly used to redirect execution in a suspended process, as in process hollowing)

MITRE ATT&CK Enterprise v6

Tasks