General

  • Target

    1904-67-0x0000000000400000-0x0000000000472000-memory.dmp

  • Size

    456KB

  • Sample

    221114-q71fqsgc71

  • MD5

    0ea70ed3d75795d940f6a392bb2f2478

  • SHA1

    40d9c1e1b8c916606767f754bf64244561dc52c0

  • SHA256

    48e3972b617d80d2c442d625ecc662996aa878c163283ec3e3c1b9ac88b97792

  • SHA512

    4dc444a0115d43011165ed536033a4852117f6dd9344e83c5e4ef636d551b4e60746e6eeedb5da547d7cb22c80fafd3006f15dee5d7f35dc7b23bf2faa2971b9

  • SSDEEP

    12288:gWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB0:jxgsRftD0C2nKG

Malware Config

Extracted

  • Family

    blustealer

  • C2

    https://api.telegram.org/bot5521344267:AAGDBvY-lI_YdOdmLvEBBd-Hdagc9tnOF84/sendMessage?chat_id=5609126484

Targets

    • Target

      1904-67-0x0000000000400000-0x0000000000472000-memory.dmp

    Score
    6/10
    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
