bluefox | impvqfag - Copy[.]zip | Triage

Sharing

General

Target

impvqfag - Copy.zip
Size

91KB
MD5

f0f7aea9790fa0210de8516d74e9a5d8
SHA1

68075565e2d5e20eab63d12a6ebfc1e357915fb6
SHA256

154d12ad7038f0eb13f1824608f0786694daf0fead74ca9f24b333d1744c822d
SHA512

06e9894b3b234ac90b146571a055e39f57de3a17986708c4988d95498b5becea819e0ef28117f98b18890338848eee97ca51184a65cf7b7fe8d6a2e968197c9e
SSDEEP

1536:0VT5ik3N/HN4M6PgXhyC5vSAJmYBK9tLL9wAwiiy2c9zA2LPFkSJXYJYfx9XZgz2:0VTsk3N3hjvSArK3LL9BiM9zbLPZXYk1

Score

10^/10

bluefox

Malware Config

Signatures

BlueFox Stealer payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/impvqfag - Copy.ex	family_bluefox

Bluefox family
bluefox

Files

impvqfag - Copy.zip
.zip
impvqfag - Copy.ex
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ