General

  • Target

    RFQ# 437179.exe

  • Size

    562KB

  • Sample

    221207-xs8l5aag8s

  • MD5

    dded803ba4269da1756fc43235dfbcf0

  • SHA1

    b33cbfc5cce9a52c20cb92521c13b0b2140d6ad8

  • SHA256

    705a5f8f4299ced58dcbd2498becd1d5c53a9fa4ee6b84a457eef9f4113f5463

  • SHA512

    37792b21f4d112286e38f7b17699d28f815c8c60c7b3ed2c3b366f2d6cfa8736d751be1a26ea8f367fc393b5ecf4f6653914b28c270017f322854aa21e2dd667

  • SSDEEP

    12288:guarcBuv8Q7MHctIHPwvnZMoy12nyDNzazm5WANPRvYZJzmZLjm7cY:gfg9EMHhHQFyDR0EWCPVYZJzUPxY

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      RFQ# 437179.exe

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks