General
-
Target
00750097.EXE.exe
-
Size
1017KB
-
Sample
221114-qv8xcabh42
-
MD5
fc8dddeee9f2966b241a314a520ba97d
-
SHA1
a7290a06198b604608fd4beb6b03f7b022de115d
-
SHA256
cc50f62eea448e971a055d706b0ebb3dc63ac626e7fe1ef47e96463c15fb0d50
-
SHA512
c203a4b1606614c409cc4d3564f33554a6306ebb2485c04d2e6161e6a1fe8f0851b66d7100194bbe066c3aab5e595fd51ae5187ab148ecaf1f2d0da5495d8da5
-
SSDEEP
24576:BjwWZKSCkEyTwM/CjYu5DPH8R3io3F93/:BEbSCkESvwYQMSoV9P
Static task
static1
Behavioral task
behavioral1
Sample
00750097.EXE.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
00750097.EXE.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5521344267:AAGDBvY-lI_YdOdmLvEBBd-Hdagc9tnOF84/sendMessage?chat_id=5609126484
Targets
-
Target
00750097.EXE.exe
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-