Overview

overview

10

Static

static

1

SALARY RECEIPT.exe

windows7-x64

10

SALARY RECEIPT.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SALARY RECEIPT.exe

  • Size

    3.3MB

  • Sample

    230309-rwaavabg31

  • MD5

    bc9e97f5f18b18824f0d7d4b57603f8d

  • SHA1

    a4f93b7a36b7584fe7ef3bc8e5f5e171a57933d5

  • SHA256

    ed9b8b2727090a9a786fd014f3716eda74f0943e02c215c04c07613c3f271de9

  • SHA512

    5a8bbf32d1a7f3301133c0466b7af051fa6c9c92d33cab5636a3788aa703eb998f0992c89125f0978c2ced43992ad46bd9d6346557ccb8189c74b024ceeb2204

  • SSDEEP

    49152:3YlX8PHUEni17exKgyLiTJVr3SEUnbMXS+q3C:3YlX8P

Score
10/10
blustealercollectionpersistencespywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5813496253:AAF4hamIx4-mNmFF1DwsqdJ4F9vUBmFqLo/sendMessage?chat_id=1105271645

Targets

    • Target

      SALARY RECEIPT.exe

    • Size

      3.3MB

    • MD5

      bc9e97f5f18b18824f0d7d4b57603f8d

    • SHA1

      a4f93b7a36b7584fe7ef3bc8e5f5e171a57933d5

    • SHA256

      ed9b8b2727090a9a786fd014f3716eda74f0943e02c215c04c07613c3f271de9

    • SHA512

      5a8bbf32d1a7f3301133c0466b7af051fa6c9c92d33cab5636a3788aa703eb998f0992c89125f0978c2ced43992ad46bd9d6346557ccb8189c74b024ceeb2204

    • SSDEEP

      49152:3YlX8PHUEni17exKgyLiTJVr3SEUnbMXS+q3C:3YlX8P

    Score
    10/10
    blustealercollectionpersistencespywarestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks