General

  • Target

    Request For Quotation.exe

  • Size

    502KB

  • Sample

    230222-rht34adg7s

  • MD5

    e6759016429ab2d38c9a9497325c5746

  • SHA1

    8d4a9bd427e937d523968d57f8bced231189624e

  • SHA256

    20919ab5a667f7a8ef3d7d1e614f3e448bf875a066ac56c257e2e07878f6e336

  • SHA512

    f266a3958d48efc6a9b105c62eb0cfd8d30e810b3f247e065b9b62a0f62f70642b1964a7d570f22f16a64cd1430cfa25c3de53201282773b1bd0b5ef352485b1

  • SSDEEP

    12288:vYqsd1RU0HAn7av42cnY/jVFIegYLTvEOLhPMuOBmO:vYqsd1DZ42ci7lLTsOBMucmO

Malware Config

Extracted

  • Family

    blustealer

  • C2

    https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Request For Quotation.exe

    • Size

      502KB

    • MD5

      e6759016429ab2d38c9a9497325c5746

    • SHA1

      8d4a9bd427e937d523968d57f8bced231189624e

    • SHA256

      20919ab5a667f7a8ef3d7d1e614f3e448bf875a066ac56c257e2e07878f6e336

    • SHA512

      f266a3958d48efc6a9b105c62eb0cfd8d30e810b3f247e065b9b62a0f62f70642b1964a7d570f22f16a64cd1430cfa25c3de53201282773b1bd0b5ef352485b1

    • SSDEEP

      12288:vYqsd1RU0HAn7av42cnY/jVFIegYLTvEOLhPMuOBmO:vYqsd1DZ42ci7lLTsOBMucmO

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks