General
-
Target
tmp5sm1nnfc
-
Size
501KB
-
Sample
230221-e4sqyafe4t
-
MD5
c6479e3bcb864d87e5d93ff06ed15c60
-
SHA1
af08bbfe61178ee821e85b1f09be975b732387aa
-
SHA256
9842d23cef4dc305ab6b8cd1ade477e1186d94cfd18861e1c87a55aff4d04c40
-
SHA512
c5f4b4638b76b963fe8b731a08c43f67d5a8c512262755f78eca27feea5004e348e85a913926f8afe73accefa6a680bba37207adb37880100cd2f8ff6509b1b6
-
SSDEEP
12288:/YmibSNNCgbjT5hg1s5PiA8C58tpxxqVTEp1B:/YmQoz5hgSN8tpxAVEp1B
Static task
static1
Behavioral task
behavioral1
Sample
tmp5sm1nnfc.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
tmp5sm1nnfc.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325
Targets
-
-
Target
tmp5sm1nnfc
-
Size
501KB
-
MD5
c6479e3bcb864d87e5d93ff06ed15c60
-
SHA1
af08bbfe61178ee821e85b1f09be975b732387aa
-
SHA256
9842d23cef4dc305ab6b8cd1ade477e1186d94cfd18861e1c87a55aff4d04c40
-
SHA512
c5f4b4638b76b963fe8b731a08c43f67d5a8c512262755f78eca27feea5004e348e85a913926f8afe73accefa6a680bba37207adb37880100cd2f8ff6509b1b6
-
SSDEEP
12288:/YmibSNNCgbjT5hg1s5PiA8C58tpxxqVTEp1B:/YmQoz5hgSN8tpxAVEp1B
Score10/10-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-