Overview

overview

10

Static

static

1

709b07ef6d...92.exe

windows7-x64

10

709b07ef6d...92.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    709b07ef6d3a105e4f17eb92f6978c9b8597c8297f6391303670e2adaed90592.zip

  • Size

    491KB

  • Sample

    230321-qp3hdace8y

  • MD5

    883697d475e6349684019a2d5ef0e154

  • SHA1

    f06b9985a86751bfb511471cb0134953bb6654b9

  • SHA256

    fe9792914b46af7d5810312a7c7f97409d731a254008eb5e3868f84707e3f441

  • SHA512

    75dc56d8a4f8a1c60dfe7b7919ec095ccfb5ebeaad0f64207c3a02a912d7b9c8c90b7e4779dbc3e9fb7e43d85dbe2f6d3db2209880177c99c036271c9b210b30

  • SSDEEP

    12288:xveFrnb4OhiPvWhcG2ZBm5B77Tz5iw5vqJqpiqlZUTRZ:xmVnjhsv3a5BLVaJqpiYUVZ

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      709b07ef6d3a105e4f17eb92f6978c9b8597c8297f6391303670e2adaed90592.exe

    • Size

      504KB

    • MD5

      76ef6dcc228516addb85969c619845f8

    • SHA1

      ec42d448daf3645b980588f03e4a1d50a068e302

    • SHA256

      709b07ef6d3a105e4f17eb92f6978c9b8597c8297f6391303670e2adaed90592

    • SHA512

      4b37f2b3b5977a9d55021c02654095d79125838df1759684a93d08732777fe411841395179198a7c121b1f3ffd59d7c7d31b2ed9387d4e0765265c09716d1f0e

    • SSDEEP

      12288:/YuffiNQGwOEphdUyTd7RqcNEb2SqH4y8jw:/YuffiQGwOERlucuqbv

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks