General

  • Target

    Quotation Required.gz

  • Size

    486KB

  • Sample

    230221-k52ywsec42

  • MD5

    83d89fce1bc18eb8f8208007f39cd208

  • SHA1

    e0b13be8e38b0b52a116fcff9f369306e9206cc5

  • SHA256

    c6bf68a560620fb785c27e00e1695406e86d25c656f6472b3a6886a710aeb238

  • SHA512

    ee27e5794285036963ca93a89e85d022a98fa181f3a2935083c0aa32ee420d04da0ec2e9548af109e491441c66b511ef8db99dd766cad3f92be5d4cafa8170d7

  • SSDEEP

    6144:xrQf6x6ql0qT58PgcueVFZEOCh+hZARZEKh63rZurK5wIHV1Dcu/5QM23nxlQjT9:efAl0qTODARDh63tFxcdM2LQ3t

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Quotation Required.exe

    • Size

      501KB

    • MD5

      c6479e3bcb864d87e5d93ff06ed15c60

    • SHA1

      af08bbfe61178ee821e85b1f09be975b732387aa

    • SHA256

      9842d23cef4dc305ab6b8cd1ade477e1186d94cfd18861e1c87a55aff4d04c40

    • SHA512

      c5f4b4638b76b963fe8b731a08c43f67d5a8c512262755f78eca27feea5004e348e85a913926f8afe73accefa6a680bba37207adb37880100cd2f8ff6509b1b6

    • SSDEEP

      12288:/YmibSNNCgbjT5hg1s5PiA8C58tpxxqVTEp1B:/YmQoz5hgSN8tpxAVEp1B

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks