Overview

overview

10

Static

static

1

709b07ef6d...92.exe

windows7-x64

10

709b07ef6d...92.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    76ef6dcc228516addb85969c619845f8.bin

  • Size

    491KB

  • Sample

    230317-jcw2haeh29

  • MD5

    52465d96e760922dbb8b9f6b2adf6461

  • SHA1

    cbffe4179cfde611b4caf8714394f679070ceb26

  • SHA256

    43e28ba3b9b24c3b8f203ebeaaabbce7028636fe7a2008386ea25f9b8e56f3e1

  • SHA512

    c915d0912867c40c97a0dd42778bf612d0dcd634bb14b4a29030e5c64dbec156635e2fdc5f0e51781bee93225f09e521729a11bfeb1d5e3264fdf2bacb91709e

  • SSDEEP

    12288:napRPMe50x/q41svpqz39Rhng9Na5BoCLaSPrdmWT5+oTEo:apRZ0x/V1QqzNRUa3jdmgb

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      709b07ef6d3a105e4f17eb92f6978c9b8597c8297f6391303670e2adaed90592.exe

    • Size

      504KB

    • MD5

      76ef6dcc228516addb85969c619845f8

    • SHA1

      ec42d448daf3645b980588f03e4a1d50a068e302

    • SHA256

      709b07ef6d3a105e4f17eb92f6978c9b8597c8297f6391303670e2adaed90592

    • SHA512

      4b37f2b3b5977a9d55021c02654095d79125838df1759684a93d08732777fe411841395179198a7c121b1f3ffd59d7c7d31b2ed9387d4e0765265c09716d1f0e

    • SSDEEP

      12288:/YuffiNQGwOEphdUyTd7RqcNEb2SqH4y8jw:/YuffiQGwOERlucuqbv

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks