General
- Target: Request for quotation.exe
- Size: 561KB
- Sample: 221209-ml3gesda24
- MD5: 99bbaa54e597de53a3db66bb29fdbbc9
- SHA1: ba9bf171acc6c2d7e897dc0a14515ff8e410d14a
- SHA256: 2a63a204abf0c8437b694e8b31e048a1c25bdebfae0cfda7e6e2bf469f74be1c
- SHA512: 7fd6b89ecda676aa7f664d6ec0ebb447ab5de5d95f30de247216355a37d16f6d8c1d68077876690da3df2fd9ea5803f5e6e64715da211e5f7d7a0bae3bfaaee2
- SSDEEP: 12288:2i3ArxsUjZytOBwImCTSuXz5S/FoDrXcGVf8kC9+Q1:2wArxsUZcORVpX9SMXPVf83
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Request for quotation.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: Request for quotation.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
- blustealer
- https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325
Targets
- Target: Request for quotation.exe
- Size: 561KB
- Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext