General
-
Target
DETAILS AND INVOICES.exe
-
Size
2.4MB
-
Sample
230308-d4y3aadc8w
-
MD5
888a18230e69a8ba0c420042bcb6e758
-
SHA1
0b0dcb23577efc327acdd2ff052bb3d54693d715
-
SHA256
d50e53128afae84f81f41fce22e7ce3f13442485d7c7ce3bb1417afaba6c9c05
-
SHA512
d20488366904fda6dccb6a92c4ad0bfc74d2c74702e2f4cadef197cdf1e3f37cd39f3b35a8df9bfc8d3f9a71bfb4fefa6adf0b5f4b8f4cf8eb017367847fd3cc
-
SSDEEP
24576:sE9iqdFA3SA2PWRLxlTP0q0prBMsOZORHJd5SbyBRJ4y4c2TsdZh8FzxZ+hLAwKu:79vgIWRbb0RtYQBXhcOatvd4oS
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5813496253:AAF4hamIx4-mNmFF1DwsqdJ4F9vUBmFqLo/sendMessage?chat_id=1105271645
Targets
-
-
Target
DETAILS AND INVOICES.exe
-
Size
2.4MB
-
MD5
888a18230e69a8ba0c420042bcb6e758
-
SHA1
0b0dcb23577efc327acdd2ff052bb3d54693d715
-
SHA256
d50e53128afae84f81f41fce22e7ce3f13442485d7c7ce3bb1417afaba6c9c05
-
SHA512
d20488366904fda6dccb6a92c4ad0bfc74d2c74702e2f4cadef197cdf1e3f37cd39f3b35a8df9bfc8d3f9a71bfb4fefa6adf0b5f4b8f4cf8eb017367847fd3cc
-
SSDEEP
24576:sE9iqdFA3SA2PWRLxlTP0q0prBMsOZORHJd5SbyBRJ4y4c2TsdZh8FzxZ+hLAwKu:79vgIWRbb0RtYQBXhcOatvd4oS
Score10/10-
BluStealer
A Modular information stealer written in Visual Basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-