Overview

overview

10

Static

static

1

PO7313 2023-02.exe

windows7-x64

10

PO7313 2023-02.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO7313 2023-02.gz

  • Size

    582KB

  • Sample

    230220-nbajbsab7s

  • MD5

    1b1cae0b7e396659ccbd2cb956047258

  • SHA1

    baebf73afaa50d8d710ebe14651b09f244fb74aa

  • SHA256

    ce77e7f5813c623caecb1ee1c013c54c986af73af7d1cff041f666860ff18163

  • SHA512

    928952738a2af36ce332f5177e4f3f77d96253134cfc45982fed58a917316144d2f69e6a979efd03c2ce83d5d48722b43a473e1b783292b3235a8c672daa2b78

  • SSDEEP

    12288:ff811lAM+bgosEjdgaRoU9XuzxlesW4fKvOP/2XJi29Lqv:8flD+1J5oLOeimH+J79LQ

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      PO7313 2023-02.exe

    • Size

      597KB

    • MD5

      1a496bebdf47aaee63127ad8e0f2c038

    • SHA1

      0b4c18d15e7e03fdc58f942236591d01db2a0e15

    • SHA256

      8b43fb960fbec0fcdc81a4e12892204c6dc80156258e92995f2a7ece5da3c5b3

    • SHA512

      534c1b75d3d581ca07c831ddec2639559f63a4f532b8fa97126f23cbf49dc5b58184a7f0027182b8aed3cb4c028ed334860f15164aa092656289435d3e9acb6d

    • SSDEEP

      12288:/Ytho+cYQo+uRRAkbIWsRQ219z0EnDWg9/YG6B5ZdZOkiM:/Yt4YQoRqkV2Eg9h6JdV

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks