General

  • Target

    00750097.EXE.exe

  • Size

    1017KB

  • Sample

    221114-qv8xcabh42

  • MD5

    fc8dddeee9f2966b241a314a520ba97d

  • SHA1

    a7290a06198b604608fd4beb6b03f7b022de115d

  • SHA256

    cc50f62eea448e971a055d706b0ebb3dc63ac626e7fe1ef47e96463c15fb0d50

  • SHA512

    c203a4b1606614c409cc4d3564f33554a6306ebb2485c04d2e6161e6a1fe8f0851b66d7100194bbe066c3aab5e595fd51ae5187ab148ecaf1f2d0da5495d8da5

  • SSDEEP

    24576:BjwWZKSCkEyTwM/CjYu5DPH8R3io3F93/:BEbSCkESvwYQMSoV9P

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5521344267:AAGDBvY-lI_YdOdmLvEBBd-Hdagc9tnOF84/sendMessage?chat_id=5609126484

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
