General

  • Target

    Order Request.gz

  • Size

    865KB

  • Sample

    221130-l4hpasde4w

  • MD5

    9007a31a94bec476af62430966bf56e9

  • SHA1

    5786b0fc31b21d0ad67368e791d8688e0f1feaa1

  • SHA256

    16d842e8d7472cf98eee098f6a0f9b3ad5f3668928c86a898da187dc9106b6e3

  • SHA512

    77e608fe7c301fb2e557de6ba11faff25df94b86c669e001f19ef3fd86b0b757b36c918fd64ef99d5768f63fb78a035e17f83dd80ade6a53915bc4992d86f148

  • SSDEEP

    24576:XKgGQzfws76mYWyNr5gnlotOAR16prckINP2Bd:HGQzt7AWyPga8AREGNOb

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Order Request.exe

    • Size

      1.0MB

    • MD5

      0751cb9453ccc6d6576c8e6583e8e8df

    • SHA1

      c78f7efa2c57394097eca6c222f52dc6c5169515

    • SHA256

      6f6927018a479ebbb860f5010a88d14ddaa2c64756e06ba9f0326ca15462b4e4

    • SHA512

      ca93c74695ffc078236a868dfa8fdbaeec4af0cf3075377390aa6533c0fc4944aa0ac62fbe20cc7e2eaba1581cfbc48adcdac554ccefb4ce700dd4f803f7a35a

    • SSDEEP

      24576:vZqB/XCxqrTElFByv3DCYlWSGHsGoR4Dq:GX5nE+3DCYlWSGMJ4+

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks