Overview

overview

10

Static

static

1

369f328fcd...e6.exe

windows7-x64

10

369f328fcd...e6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f6462aa84dcd781e3ef0398d565d6f7b.bin

  • Size

    590KB

  • Sample

    230116-kwjqyscf22

  • MD5

    36426e44a7e803b60eac89ba94e31a89

  • SHA1

    c9a3f7a97965351bd1a0f6a3afa6478c1f55e036

  • SHA256

    0204039959ecb84f761dfee54a234bd5a899daefd2769b0093e01517affe2c23

  • SHA512

    9835c3cc2c5c614c11cb0e6c139b16f408fa1ba7735054616ef11deb560e39c2af92ab3bdf825e014a3e566b073d353664f39a8ef759e280f599bb17d2221686

  • SSDEEP

    12288:dFjdXvdudVHejZrrGxliCQ+ultdH8tK75hyVzxGm+Lo3a:dFjpvdGV+jZ3GHLVCtdHIK75hyVzxT+J

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      369f328fcd9ea57d880cbf4d770290b2134fe68a7091fdc27d5da7ec313198e6.exe

    • Size

      602KB

    • MD5

      f6462aa84dcd781e3ef0398d565d6f7b

    • SHA1

      6b455aa36033be84072c6a353d39ee1fae4e6d41

    • SHA256

      369f328fcd9ea57d880cbf4d770290b2134fe68a7091fdc27d5da7ec313198e6

    • SHA512

      29420eeb155d40a0d86a1f5d2bd27bb708dd0f55d6c64cd79d0f6812744c8ab2b7d9493f32884cbe5a5fa960a90479a7c530dbbc01029e7af458ce3977bc0180

    • SSDEEP

      12288:XfpX2ycT2qM5DF6OLMwSwC8TL5JPGgkd6RZ3HlhV1ygZ5F5RTz6o:sPM5EcM/kLb1O6R9lv4y58o

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks