Overview

overview

10

Static

static

1

410f7baad4...ba.exe

windows7-x64

10

410f7baad4...ba.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8606390594.zip

  • Size

    489KB

  • Sample

    221213-ssg2yshf2y

  • MD5

    595c11a6e2babc03f630c81f2a039259

  • SHA1

    374b465308a18a02bd969f0056983859d752ea1f

  • SHA256

    28e9d45ee2450876329e4aeb4004aa51b80ccc6cebc8a3cf8163c44e7efb386a

  • SHA512

    08f267e0590d04270705095b3cc1dac65fa197cc68f941b2fd2526535f9c855e6318475528e269463fa07e48b989dc5caf14f1f99396ee7afec4863a3275aa78

  • SSDEEP

    12288:qhwgtxCiLFlM8jHdBdaetgHerulvF2mi8pvJU:cwgaiLF68BVg+rCkmiUJU

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      410f7baad41c5c770e27ed8f786ef161a389509fe505b97a8c618ad73ab147ba

    • Size

      500KB

    • MD5

      f01662cbdec43cea4bcea75645069dd2

    • SHA1

      90999d548a998292b572ed0830809be1e53a6f25

    • SHA256

      410f7baad41c5c770e27ed8f786ef161a389509fe505b97a8c618ad73ab147ba

    • SHA512

      136c5f9ac49d81c286faa8fb008ddf985d9614909161521c75bd78b9ed93dd982ad7cb7e16f756c0d5cf2a0aceca2349b3ae8f4069e52b291941d024424c05ff

    • SSDEEP

      12288:r0I5u1XkZGYzabbkgbOPixn3BJ7RFZw4XIHdFyJbXl5EnQG3:rP5u1XkUiCfgOnb7RE4AdFu4QO

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks