General
-
Target
Purchase Order.exe
-
Size
1.3MB
-
Sample
230416-ntz7psbf9v
-
MD5
293fdf1a86054e7f7ea5468093a32619
-
SHA1
556f35a6bc2f99c18eac6efc24772bcaea2c4dc7
-
SHA256
9966abd2f2239c4ab9ef470ba0a76c3546645666976c45d7294214d283510140
-
SHA512
dd89c55471e4573b14bc8b15fd5f268bc03f6c47d127bb3a07f70b3ff7ecf6c43f86eae13a2bf70d15baf9df2de198cbb5a18b287dff08027a7dbbb51d6d94df
-
SSDEEP
24576:dlDz26SjmWjOMnxBZL/gBDTOihq+6yYAJOxyaLYJydD4noK1kY2OdGJ306n2r6L:bDcmWKMx7L/oHOihz6y9JOx2Ig162OL
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Purchase Order.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325
Targets
-
-
Target
Purchase Order.exe
-
Size
1.3MB
-
MD5
293fdf1a86054e7f7ea5468093a32619
-
SHA1
556f35a6bc2f99c18eac6efc24772bcaea2c4dc7
-
SHA256
9966abd2f2239c4ab9ef470ba0a76c3546645666976c45d7294214d283510140
-
SHA512
dd89c55471e4573b14bc8b15fd5f268bc03f6c47d127bb3a07f70b3ff7ecf6c43f86eae13a2bf70d15baf9df2de198cbb5a18b287dff08027a7dbbb51d6d94df
-
SSDEEP
24576:dlDz26SjmWjOMnxBZL/gBDTOihq+6yYAJOxyaLYJydD4noK1kY2OdGJ306n2r6L:bDcmWKMx7L/oHOihz6y9JOx2Ig162OL
Score10/10-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-