Overview

overview

10

Static

static

1

QUOTATION ...99.exe

windows7-x64

10

QUOTATION ...99.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    QUOTATION _RFQ# 1043999.exe

  • Size

    1.1MB

  • Sample

    230327-h54flscc39

  • MD5

    e3b24ec113f20b978b0219371f76ccb3

  • SHA1

    fe3812e07afa7def4224a68a8a3d5db849997e94

  • SHA256

    d1a8dddd0be7a7932b576b395adf6c8a3ab4796420b0f967c39d6ffe65604807

  • SHA512

    aa0b97ad2db777fccb44e087fd986b4f0c3d00175315397c2cc343c45d169a031f0587c033aedcd14918cc1e6d6af41dec697771ac4ca36c517e23b860a67f1b

  • SSDEEP

    24576:DYpFDsStI/zStNEjHMjT9MVNRQSXnhRafrMO9RRH:s8+IutNEcARF+fTD9

Score
10/10
blustealercollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      QUOTATION _RFQ# 1043999.exe

    • Size

      1.1MB

    • MD5

      e3b24ec113f20b978b0219371f76ccb3

    • SHA1

      fe3812e07afa7def4224a68a8a3d5db849997e94

    • SHA256

      d1a8dddd0be7a7932b576b395adf6c8a3ab4796420b0f967c39d6ffe65604807

    • SHA512

      aa0b97ad2db777fccb44e087fd986b4f0c3d00175315397c2cc343c45d169a031f0587c033aedcd14918cc1e6d6af41dec697771ac4ca36c517e23b860a67f1b

    • SSDEEP

      24576:DYpFDsStI/zStNEjHMjT9MVNRQSXnhRafrMO9RRH:s8+IutNEcARF+fTD9

    Score
    10/10
    blustealercollectionspywarestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks