Overview

overview

10

Static

static

1

Purchase o...df.exe

windows7-x64

10

Purchase o...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase order_pdf.gz

  • Size

    754KB

  • Sample

    230412-qyxngseb2t

  • MD5

    a8a4e9dbb6c1c6d694de84af88babed4

  • SHA1

    5fc7418dea4995990e51bdd186d6c8932e1f073d

  • SHA256

    ea363893bfddb8b28e3030fb25ffb842dd466c82ef496b39f9c883feb1b42f41

  • SHA512

    c9dee11696fa39561dfc3a9039e805db8db8299b348492b3b64005772bb2391f5d054a05e5ecd8218a884791de2d642f593924c9db375a16a805efe02d6b3703

  • SSDEEP

    12288:DsHsseF639AQX2iuLn/v5ZZS4OSVlfRE5kto5TM9ibAR6zvgeAmRTXQgABYOx:AHFeFc2biI/h3fXfRRtW1TgeAyBe

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      Purchase order_pdf.exe

    • Size

      792KB

    • MD5

      3b156e7eab24fbf17d682c7d889b85d6

    • SHA1

      4385230e53f255d7db8b91844f2c67f1b16c1c96

    • SHA256

      c26bf76c00885577a5aeacd05387893d936bf122aaf3999dcb0dee3be14fcfcd

    • SHA512

      879a687179a41ece511e833f967a9d2ab6daa937c4339237fb07735fa53f09bfd6978bca4115af7e51b496e0b323df9bdd5f185029a637550c6b2901d4873bb1

    • SSDEEP

      12288:XAOsOorAeJPzsJnxfBN9UpRQQ2FDTm3U+o1N68vlU0WhmtVSkYRUVmU:XAOcr5axfBYp6fDMkzRiQVSkYqm

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks