General

  • Target

    35d443578b1eb0708d334d3e1250f68550a5db4d630f1813fed8e2fc58a2c6d0

  • Size

    727KB

  • Sample

    230201-mrqd2seg5x

  • MD5

    6f8bb2ff11646a8e47c1b2a27d475010

  • SHA1

    a300b7be64343ce6ab88edb0c71f3052663674d4

  • SHA256

    35d443578b1eb0708d334d3e1250f68550a5db4d630f1813fed8e2fc58a2c6d0

  • SHA512

    97eb09ab5e244d1e367104efd1a17267390589121a58a1840e282f7ef15ceea933432168dae8caf31d6ca35af3fa9341c9f604b9e944aea86983484ace961e36

  • SSDEEP

    12288:csyxZCYQneRW88If1cmRBPA0nV2sb+xUVWcyN:cjZCr7gf1cIA0nos6Cn

Score
10/10

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    budgetn.shop
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    X&Y=[g89L4D/**

Targets

    Score
    10/10
    • BluStealer

      A modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks