General

  • Target: Request for quotation.exe
  • Size: 561KB
  • Sample: 221209-ml3gesda24
  • MD5: 99bbaa54e597de53a3db66bb29fdbbc9
  • SHA1: ba9bf171acc6c2d7e897dc0a14515ff8e410d14a
  • SHA256: 2a63a204abf0c8437b694e8b31e048a1c25bdebfae0cfda7e6e2bf469f74be1c
  • SHA512: 7fd6b89ecda676aa7f664d6ec0ebb447ab5de5d95f30de247216355a37d16f6d8c1d68077876690da3df2fd9ea5803f5e6e64715da211e5f7d7a0bae3bfaaee2
  • SSDEEP: 12288:2i3ArxsUjZytOBwImCTSuXz5S/FoDrXcGVf8kC9+Q1:2wArxsUZcORVpX9SMXPVf83

Malware Config

Extracted

  • Family: blustealer
  • C2: https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target: Request for quotation.exe
    • Size: 561KB
    • MD5: 99bbaa54e597de53a3db66bb29fdbbc9
    • SHA1: ba9bf171acc6c2d7e897dc0a14515ff8e410d14a
    • SHA256: 2a63a204abf0c8437b694e8b31e048a1c25bdebfae0cfda7e6e2bf469f74be1c
    • SHA512: 7fd6b89ecda676aa7f664d6ec0ebb447ab5de5d95f30de247216355a37d16f6d8c1d68077876690da3df2fd9ea5803f5e6e64715da211e5f7d7a0bae3bfaaee2
    • SSDEEP: 12288:2i3ArxsUjZytOBwImCTSuXz5S/FoDrXcGVf8kC9+Q1:2wArxsUZcORVpX9SMXPVf83
    • BluStealer: a modular information stealer written in Visual Basic.
    • Executes dropped EXE
    • Loads dropped DLL
    • Accesses Microsoft Outlook profiles
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks