General

  • Target: Draft BL.exe
  • Size: 823KB
  • Sample: 230414-x53lmsch8z
  • MD5: ad39b3a11ed93999ec47bb2004822923
  • SHA1: a91442c5fc2a806f2a73110d761f3c2d0923d694
  • SHA256: 642788b753c8802d30666e5d6d2a2e4c9d810583e3af7fcb2983dd219c4526e7
  • SHA512: 839c6a08742c094f8d972300c74e422c93b09082aa512e63e85ae6f4d769c59e09d5c4313ea5f189095dbb257cea32b23785f99efaef40a7ec8692907ca742c6
  • SSDEEP: 24576:GPPBLdk29XW6to9ejUKAQLSiXX/i/SUm:G/LXWexYLqfmSUm

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • BluStealer: A modular information stealer written in Visual Basic.
    • Accesses Microsoft Outlook profiles
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks