Overview

overview

10

Static

static

1

Purchase-O...02.exe

windows7-x64

10

Purchase-O...02.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase-Order-7313 2023-02.exe

  • Size

    597KB

  • Sample

    230222-v88wqaef21

  • MD5

    ce8d75a492249b0aff8b6f54e618bc5b

  • SHA1

    50957aa6adc9258523375e69d20dd48b8e56c44e

  • SHA256

    ab6fe5e7101c50804c400d96dca43a6083c7df4e90b4997c05864773405f34c1

  • SHA512

    f92faca2a8cab563d54386ead54f64387302db7788e0b03be7ca4886e3dc20029d9f70c17ff71a0b7e0e8a64970bda6f29f007dcf7d22bf65bc9843ff0bf6377

  • SSDEEP

    12288:/Y6WFJdOlrIy2FwYxV5cVLPP2E+pugVnmsa1u/0AtJ6NX8NVYAau5e:/Y6WhOywYZcVLX2vppnEeJ+XFAaf

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Purchase-Order-7313 2023-02.exe

    • Size

      597KB

    • MD5

      ce8d75a492249b0aff8b6f54e618bc5b

    • SHA1

      50957aa6adc9258523375e69d20dd48b8e56c44e

    • SHA256

      ab6fe5e7101c50804c400d96dca43a6083c7df4e90b4997c05864773405f34c1

    • SHA512

      f92faca2a8cab563d54386ead54f64387302db7788e0b03be7ca4886e3dc20029d9f70c17ff71a0b7e0e8a64970bda6f29f007dcf7d22bf65bc9843ff0bf6377

    • SSDEEP

      12288:/Y6WFJdOlrIy2FwYxV5cVLPP2E+pugVnmsa1u/0AtJ6NX8NVYAau5e:/Y6WhOywYZcVLX2vppnEeJ+XFAaf

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks