Overview

overview

10

Static

static

1

Request Fo...on.exe

windows7-x64

10

Request Fo...on.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Request For Quotation.gz

  • Size

    505KB

  • Sample

    230223-qgt62afh67

  • MD5

    4be1c2beb15d9dcc3f40281b06251290

  • SHA1

    7b6d02f57e3fec37e07be5b9dbca85d09e566965

  • SHA256

    a441f7a3089ad5ceeb0692fcfee7a22a3f0a6a1791c4acaab1de71db23cfb7ee

  • SHA512

    981fe812984a0e164499cf089c99646fdee3209959321db70aeaba0e5b2d519b00f6e27b81378706bfba9f1b419bc3072570d9826312dae43f67d8f92255e8af

  • SSDEEP

    12288:IPvbohhuUqVGlVoZiUVxsXeSiv0K+V+7kJ8:I8HDlSpXEniv0LJ8

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Request For Quotation.exe

    • Size

      520KB

    • MD5

      ac92da6c3c72d2ffd2bcfd2069e2a5ec

    • SHA1

      c0fe0ad6c500e8c147c538491d92f790f4b7852a

    • SHA256

      e0042984cd831b02a7c2b7cb18915c2198302406aabe5c1c3d2decf7c6b252e1

    • SHA512

      0cd6151ce7a17da1843115d8607bc9e0b8102b6a0fda49ba7721d0c3b8a37263096a19a75c774b49bf88d56e391de56893b05bbd501b1424c590de1a2627ded2

    • SSDEEP

      12288:vY7tZQcyX/AYo2cYQxWXn4L0WXOs5R0TybkSffYp99Z4NY4hMg+:vY7t+VXBtQghq7JfYpB4K4hMX

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks