Overview

overview

10

Static

static

1

Quotation ...ed.exe

windows7-x64

10

Quotation ...ed.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c6bf68a560620fb785c27e00e1695406e86d25c656f6472b3a6886a710aeb238.zip

  • Size

    486KB

  • Sample

    230321-qp4ensce81

  • MD5

    f51ee6b29a581d8cbf65ffc0215681de

  • SHA1

    e0f9d8b20cf58b30bebe2cfcdb9d83b24db576cf

  • SHA256

    cbbebec8b1d09d6e29e641ec1feda223f450829190a05a33dab16c5a4d22ba21

  • SHA512

    3ceb4817bd6b466f9809748e965fc9f962984b6709c0e278db7e30eb94aba91737e870f0d523467505bcac7f564a7c4b5a03551876417aacf2c513fab9caadbf

  • SSDEEP

    12288:vPlCdHLZKrvU+GdDK3Ukd0yOAySe92ZAi2D:v9CdrZYU+CDKEk+AdGEAxD

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Quotation Required.exe

    • Size

      501KB

    • MD5

      c6479e3bcb864d87e5d93ff06ed15c60

    • SHA1

      af08bbfe61178ee821e85b1f09be975b732387aa

    • SHA256

      9842d23cef4dc305ab6b8cd1ade477e1186d94cfd18861e1c87a55aff4d04c40

    • SHA512

      c5f4b4638b76b963fe8b731a08c43f67d5a8c512262755f78eca27feea5004e348e85a913926f8afe73accefa6a680bba37207adb37880100cd2f8ff6509b1b6

    • SSDEEP

      12288:/YmibSNNCgbjT5hg1s5PiA8C58tpxxqVTEp1B:/YmQoz5hgSN8tpxAVEp1B

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks