Overview

overview

10

Static

static

1

document a...df.exe

windows7-x64

10

document a...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document approval_Pdf.gz

  • Size

    882KB

  • Sample

    230406-lz275sce56

  • MD5

    84aac86d1a59353f4a24bcb0a2185699

  • SHA1

    0a308367b677484c8021aee717b2d65ebfe379fb

  • SHA256

    219fff9b851792e8881d49d9bd62356ca8476f6fb70fd5e87ce8473d1e9557da

  • SHA512

    36e15e5a14b3051139ae6e5a62e2e54e0250984fab557a8eb437a6d3f569fd2c42e875956f71aad5d30c460e2c46da70f231284ebb00bfd5b921860b356a8149

  • SSDEEP

    24576:t46dSW5qKNeNy1YWMuEqaFuHuxKOuMnshf1:+LaqRy1YHuhuYOVnc

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      document approval_Pdf.exe

    • Size

      1.0MB

    • MD5

      a01c97c35665af7491d2f458e36fd520

    • SHA1

      a3f27af6b4ba853cc85cd9e8b6e0a26b44e41a8e

    • SHA256

      708f366019c67cdec28a6950aa2a24f4ba274ebdadc35339ce1208ea971fc668

    • SHA512

      55d9525b68abac877639ecfeff096cf0e6ef27a2fc880fa23cd3dfb101f83e445fe4d28c0fb286c4c13524480a3ebf3e5c0d2f2713d9401a2800859095bd12b3

    • SSDEEP

      12288:47a2iNpVDhqX5KNS9+IUsvT77D8zdARM8hQDTau0DmcOeZmk/5DizSwNUs2naFaP:47a1jfKbrIzGml0tOgmADi4sDaQI

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks