Overview

overview

10

Static

static

1

709b07ef6d...92.exe

windows7-x64

10

709b07ef6d...92.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    709b07ef6d3a105e4f17eb92f6978c9b8597c8297f6391303670e2adaed90592

  • Size

    504KB

  • Sample

    230408-hv8btacb88

  • MD5

    76ef6dcc228516addb85969c619845f8

  • SHA1

    ec42d448daf3645b980588f03e4a1d50a068e302

  • SHA256

    709b07ef6d3a105e4f17eb92f6978c9b8597c8297f6391303670e2adaed90592

  • SHA512

    4b37f2b3b5977a9d55021c02654095d79125838df1759684a93d08732777fe411841395179198a7c121b1f3ffd59d7c7d31b2ed9387d4e0765265c09716d1f0e

  • SSDEEP

    12288:/YuffiNQGwOEphdUyTd7RqcNEb2SqH4y8jw:/YuffiQGwOERlucuqbv

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      709b07ef6d3a105e4f17eb92f6978c9b8597c8297f6391303670e2adaed90592

    • Size

      504KB

    • MD5

      76ef6dcc228516addb85969c619845f8

    • SHA1

      ec42d448daf3645b980588f03e4a1d50a068e302

    • SHA256

      709b07ef6d3a105e4f17eb92f6978c9b8597c8297f6391303670e2adaed90592

    • SHA512

      4b37f2b3b5977a9d55021c02654095d79125838df1759684a93d08732777fe411841395179198a7c121b1f3ffd59d7c7d31b2ed9387d4e0765265c09716d1f0e

    • SSDEEP

      12288:/YuffiNQGwOEphdUyTd7RqcNEb2SqH4y8jw:/YuffiQGwOERlucuqbv

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks