Overview

overview

10

Static

static

1

PO7313 2023-02.exe

windows7-x64

10

PO7313 2023-02.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1b1cae0b7e396659ccbd2cb956047258.bin

  • Size

    582KB

  • Sample

    230222-bc8fjahc29

  • MD5

    1e8654400821654f3bf9c03b21f94b99

  • SHA1

    36f4e665a0bb7df649892ffb35297aad4423dd8b

  • SHA256

    16d90a9d5e0168f9e3fa39326a2fb8cd658d1a977ad69f284063b32f09cc9f9f

  • SHA512

    f262428a1d09b46cc7e7c5ed8c24a2f264403b3c38ca1e11bce849cd0c7d5cfe57b03b214174a392f2e8de28103d5523d03b62efa7fbcf221fbb6f1281586f6a

  • SSDEEP

    12288:GPgFDmIjiJo2CjnfPSgD9YyLSN6KChwVf95NQlfHeU1W+QUi1:GIF6Jo2CjSgJSNAh4nQgZn1

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      PO7313 2023-02.exe

    • Size

      597KB

    • MD5

      1a496bebdf47aaee63127ad8e0f2c038

    • SHA1

      0b4c18d15e7e03fdc58f942236591d01db2a0e15

    • SHA256

      8b43fb960fbec0fcdc81a4e12892204c6dc80156258e92995f2a7ece5da3c5b3

    • SHA512

      534c1b75d3d581ca07c831ddec2639559f63a4f532b8fa97126f23cbf49dc5b58184a7f0027182b8aed3cb4c028ed334860f15164aa092656289435d3e9acb6d

    • SSDEEP

      12288:/Ytho+cYQo+uRRAkbIWsRQ219z0EnDWg9/YG6B5ZdZOkiM:/Yt4YQoRqkV2Eg9h6JdV

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks