Overview

overview

10

Static

static

1

SALARY RECEIPT.exe

windows7-x64

10

SALARY RECEIPT.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    85d3d548fea1f4e1a1580a310ec2e0bcafaed400134feb76a0f6d25afb4f8628

  • Size

    3.4MB

  • Sample

    230310-r9pmpaeb86

  • MD5

    cd6cdca8f8018f86cb50d00bc019e41c

  • SHA1

    a10e06fab02ecc7aba0c5197ff33cd79b981b68e

  • SHA256

    85d3d548fea1f4e1a1580a310ec2e0bcafaed400134feb76a0f6d25afb4f8628

  • SHA512

    8156af890c99379302a1f9e9a6cc272b957c6ee5f483438c6a57bea7facec11749827ee5299da759550f38298c96bf15bb9cd79f69a812ea1c55635a0c94030c

  • SSDEEP

    49152:FYlX8PHUEni17exKgyLiTJVr3SEUnbMXS+q3C:FYlX8P

Score
10/10
blustealercollectionpersistencespywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5813496253:AAF4hamIx4-mNmFF1DwsqdJ4F9vUBmFqLo/sendMessage?chat_id=1105271645

Targets

    • Target

      SALARY RECEIPT.exe

    • Size

      3.3MB

    • MD5

      bc9e97f5f18b18824f0d7d4b57603f8d

    • SHA1

      a4f93b7a36b7584fe7ef3bc8e5f5e171a57933d5

    • SHA256

      ed9b8b2727090a9a786fd014f3716eda74f0943e02c215c04c07613c3f271de9

    • SHA512

      5a8bbf32d1a7f3301133c0466b7af051fa6c9c92d33cab5636a3788aa703eb998f0992c89125f0978c2ced43992ad46bd9d6346557ccb8189c74b024ceeb2204

    • SSDEEP

      49152:3YlX8PHUEni17exKgyLiTJVr3SEUnbMXS+q3C:3YlX8P

    Score
    10/10
    blustealercollectionpersistencespywarestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks