General
-
Target
ed9b8b2727090a9a786fd014f3716eda74f0943e02c215c04c07613c3f271de9.zip
-
Size
1.6MB
-
Sample
230321-qp417sce9t
-
MD5
9b9df373f280917f5c84a98e55cdeba6
-
SHA1
d18e529be9e95aca378452911964b480ad320976
-
SHA256
f1e039aa1914c2c96bc016b4dedc5f3465490c50e6b52042157387a5008115da
-
SHA512
8c7f4264163f00c271e334d399220ae011d7a98ae844b0d6f4e05ed2581a77247c5999041ee182bd7c083059f43fbed624cf0c6e7703032c115e5f621270174e
-
SSDEEP
49152:+3CXES9u4n9DHCgzVWQeueerj+Ap3EBTct7f22hj:+2ES939bPWQzj1EBTct7ffF
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5813496253:AAF4hamIx4-mNmFF1DwsqdJ4F9vUBmFqLo/sendMessage?chat_id=1105271645
Targets
-
-
Target
ed9b8b2727090a9a786fd014f3716eda74f0943e02c215c04c07613c3f271de9.exe
-
Size
3.3MB
-
MD5
bc9e97f5f18b18824f0d7d4b57603f8d
-
SHA1
a4f93b7a36b7584fe7ef3bc8e5f5e171a57933d5
-
SHA256
ed9b8b2727090a9a786fd014f3716eda74f0943e02c215c04c07613c3f271de9
-
SHA512
5a8bbf32d1a7f3301133c0466b7af051fa6c9c92d33cab5636a3788aa703eb998f0992c89125f0978c2ced43992ad46bd9d6346557ccb8189c74b024ceeb2204
-
SSDEEP
49152:3YlX8PHUEni17exKgyLiTJVr3SEUnbMXS+q3C:3YlX8P
Score10/10-
BluStealer
A Modular information stealer written in Visual Basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-