General
-
Target
1904-67-0x0000000000400000-0x0000000000472000-memory.dmp
-
Size
456KB
-
Sample
221114-q71fqsgc71
-
MD5
0ea70ed3d75795d940f6a392bb2f2478
-
SHA1
40d9c1e1b8c916606767f754bf64244561dc52c0
-
SHA256
48e3972b617d80d2c442d625ecc662996aa878c163283ec3e3c1b9ac88b97792
-
SHA512
4dc444a0115d43011165ed536033a4852117f6dd9344e83c5e4ef636d551b4e60746e6eeedb5da547d7cb22c80fafd3006f15dee5d7f35dc7b23bf2faa2971b9
-
SSDEEP
12288:gWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB0:jxgsRftD0C2nKG
Behavioral task
behavioral1
Sample
1904-67-0x0000000000400000-0x0000000000472000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1904-67-0x0000000000400000-0x0000000000472000-memory.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5521344267:AAGDBvY-lI_YdOdmLvEBBd-Hdagc9tnOF84/sendMessage?chat_id=5609126484
Targets
-
-
Target
1904-67-0x0000000000400000-0x0000000000472000-memory.dmp
-
Size
456KB
-
MD5
0ea70ed3d75795d940f6a392bb2f2478
-
SHA1
40d9c1e1b8c916606767f754bf64244561dc52c0
-
SHA256
48e3972b617d80d2c442d625ecc662996aa878c163283ec3e3c1b9ac88b97792
-
SHA512
4dc444a0115d43011165ed536033a4852117f6dd9344e83c5e4ef636d551b4e60746e6eeedb5da547d7cb22c80fafd3006f15dee5d7f35dc7b23bf2faa2971b9
-
SSDEEP
12288:gWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB0:jxgsRftD0C2nKG
Score6/10-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-