General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.23016.13533.exe

  • Size

    800KB

  • Sample

    221201-d2hyaaah25

  • MD5

    502485879e64bb095637b7b28aa9f753

  • SHA1

    bff34f5e2392eef629ecac1f13d31aa2313b040f

  • SHA256

    6d4991fcf138200aacef788de1bdef481b0bef6200652e64348285614c2d7f20

  • SHA512

    da861d6a3d429d5553041ebd52633f878d2d7c56c6382d0fa6f179cf6033237bac681a5391056fef6817b3c106728c956c8802e9171dee158782e190463c0d89

  • SSDEEP

    24576:bGrcoegscYmGBZTFtt0h92KWKe0Sh+Dxa9j:IcnuYmGnTFtt0qHT95

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.23016.13533.exe

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks