Overview

overview

10

Static

static

1

PO_NOD361640407.exe

windows7-x64

10

PO_NOD361640407.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    02E0E775684E9C702EA3467FB12C7AC5C819C5BAF7B3A4C0AEDB53D24336DA23

  • Size

    494KB

  • Sample

    230314-rtlabshg9w

  • MD5

    582a3fe08271791246c871cf021f4a0d

  • SHA1

    e52baa2ab793c645a14bcef3e43807146d4c579f

  • SHA256

    02e0e775684e9c702ea3467fb12c7ac5c819c5baf7b3a4c0aedb53d24336da23

  • SHA512

    378623acf1fb35c5ea04691288307c7eef8548c8584a493685b4a896e56244d13688e70df37a2c3707e4eeb975d69697380694da6858191341f3d452ea7aeced

  • SSDEEP

    12288:JlJb7hJtkYNntmkGKmIL/o55euxxClLJW6/jlAKiEFD:JlRXNtxk5euxxClLg6RiiD

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      PO_NOD361640407.exe

    • Size

      507KB

    • MD5

      36ee10e6a66f23f15c8f22f3a446facb

    • SHA1

      9ec9c892f375abc10508b5db565ab959d48bd127

    • SHA256

      d6ae7fc8b53cc5e38e27e5c364806ddab33fb6a2b3339ecb8e79cce57839c21d

    • SHA512

      85db305b945f2f6a14c04d0b30e59643ccce5f8b0f214614c6b58d032f47f181a6a45498ea6e1fec23a24fbc7e8cbc7ea9cec7d402d894fc9e3b088bfa8d4e09

    • SSDEEP

      12288:/YyvATUqd2XlTTuFa0uJ1iku0efT1l4gsz26VXPSjzRaWsVLwsJP:/Yyv5I2X4FiJu0al4gsz26wzYt91

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks