Overview

overview

10

Static

static

1

PO7313 2023-02.exe

windows7-x64

10

PO7313 2023-02.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO7313 2023-02.exe

  • Size

    597KB

  • Sample

    230220-waklxadf2s

  • MD5

    1a496bebdf47aaee63127ad8e0f2c038

  • SHA1

    0b4c18d15e7e03fdc58f942236591d01db2a0e15

  • SHA256

    8b43fb960fbec0fcdc81a4e12892204c6dc80156258e92995f2a7ece5da3c5b3

  • SHA512

    534c1b75d3d581ca07c831ddec2639559f63a4f532b8fa97126f23cbf49dc5b58184a7f0027182b8aed3cb4c028ed334860f15164aa092656289435d3e9acb6d

  • SSDEEP

    12288:/Ytho+cYQo+uRRAkbIWsRQ219z0EnDWg9/YG6B5ZdZOkiM:/Yt4YQoRqkV2Eg9h6JdV

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      PO7313 2023-02.exe

    • Size

      597KB

    • MD5

      1a496bebdf47aaee63127ad8e0f2c038

    • SHA1

      0b4c18d15e7e03fdc58f942236591d01db2a0e15

    • SHA256

      8b43fb960fbec0fcdc81a4e12892204c6dc80156258e92995f2a7ece5da3c5b3

    • SHA512

      534c1b75d3d581ca07c831ddec2639559f63a4f532b8fa97126f23cbf49dc5b58184a7f0027182b8aed3cb4c028ed334860f15164aa092656289435d3e9acb6d

    • SSDEEP

      12288:/Ytho+cYQo+uRRAkbIWsRQ219z0EnDWg9/YG6B5ZdZOkiM:/Yt4YQoRqkV2Eg9h6JdV

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks