Overview

overview

10

Static

static

1

Quotation_pdf.exe

windows7-x64

10

Quotation_pdf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotation_pdf.gz

  • Size

    834KB

  • Sample

    230404-k7w6esfg9s

  • MD5

    61146a94ba21923be785e22e3943775b

  • SHA1

    fd2db40a5928003c153c32b8eea3ad3d93052347

  • SHA256

    06b3e35f665e7a38fd7439681983e2123a0ffc72effeaabad3e41a0c190cd255

  • SHA512

    fd0be01864b926d91506166a28b7c96451f325db0eda01047a2092b7900cb3e17bd97ada9284db2109c92b17e7a3905f09a2d1aadb9671681ebc89b709d79bf8

  • SSDEEP

    24576:zcaqJYeL4c0AkEK5eY7TvtKezCO1P0olaa:zcnJnL4/AkEKk+ZOi0olaa

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      Quotation_pdf.exe

    • Size

      910KB

    • MD5

      6be7360d15864b39760f38be37d21b32

    • SHA1

      9a85a30228996405f11807cbbf8d9cd7e47d45cc

    • SHA256

      0f71aedb95163de525fa395b1a444f48222bc28b70521bff45467cbf98b63b9a

    • SHA512

      b98ad8f32c4632c403466e27161518c991b6c9395da27a743bc3af6ca2a7c632b595ce44fd7d09c6603212cdab9dcb220db76f80399719f7097451a8190f2a0e

    • SSDEEP

      24576:S0PXkGzgCC4mEIXxiZiX6vjgxxUtqY6VUOP:DPng74mJxmiX6vjgEb2

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks