General
- Target: Invoice for your shipment.exe
- Size: 1.5MB
- Sample: 230416-m7zmnabf4w
- MD5: 76a953005611843cca8ba94dc2ffbfcf
- SHA1: af634f838961dbeb328c9fb09ab23cb1aca2affe
- SHA256: 8673653b4e2feb2342836fa526e90d2412ff6f61d77e693efb0172827f45c135
- SHA512: 06095412d5fe83e4741ab31a4fe890283c0b8b659ea7fc2289dc52e1ed2c07cd8619e8fdbc9368a4980c6e8b43161472d55d96552df2b57759e84c9a85a16a3b
- SSDEEP: 24576:8r1voTP6JZs4KoxhV2EiP0Av/1IZwA7dTej7Tz5IDuvkuwV7GkeoAu2j7NiznXBy:8r1voTP67sJoxTiP00/OH1eHVSJXT281
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Invoice for your shipment.exe
  - Resource: win7-20230220-en

Behavioral task
- behavioral2
  - Sample: Invoice for your shipment.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: blustealer
- C2: https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325
Targets
- Target: Invoice for your shipment.exe
  - Size: 1.5MB
  - MD5: 76a953005611843cca8ba94dc2ffbfcf
  - SHA1: af634f838961dbeb328c9fb09ab23cb1aca2affe
  - SHA256: 8673653b4e2feb2342836fa526e90d2412ff6f61d77e693efb0172827f45c135
  - SHA512: 06095412d5fe83e4741ab31a4fe890283c0b8b659ea7fc2289dc52e1ed2c07cd8619e8fdbc9368a4980c6e8b43161472d55d96552df2b57759e84c9a85a16a3b
  - SSDEEP: 24576:8r1voTP6JZs4KoxhV2EiP0Av/1IZwA7dTej7Tz5IDuvkuwV7GkeoAu2j7NiznXBy:8r1voTP67sJoxTiP00/OH1eHVSJXT281
  - Score: 10/10
  - Signatures:
    - Executes dropped EXE
    - Loads dropped DLL
    - Accesses Microsoft Outlook profiles
    - Drops file in System32 directory
    - Suspicious use of SetThreadContext