Overview

overview

10

Static

static

1

Purchase Order.exe

windows7-x64

10

Purchase Order.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase Order.exe

  • Size

    1.4MB

  • Sample

    230416-t9dxascd2x

  • MD5

    319a8140493686ae81266875c0c3e06b

  • SHA1

    1e689c700794b8545ed722c0be7f644e86a37ec0

  • SHA256

    2dbef10abc332d28d4a41f5ae426d16ce7fb0387ecdb86409fab46eb8cc270ea

  • SHA512

    18410bbf80641bb2dacdd078a5d5237efe6ee50cd9347ba7d4025035216bfb6c09a3c4aecbf0eb15a931773da43c28f6310cb0d2b79e1b85db69ef70c39b96cb

  • SSDEEP

    24576:lgwaY8W87dC0QjhfDggweZKP0Y649fFlAv7Z16hiTucbqE7eNffIe:mLjWsNQtfcgvelffAv7vjyl

Score
10/10
blustealercollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Purchase Order.exe

    • Size

      1.4MB

    • MD5

      319a8140493686ae81266875c0c3e06b

    • SHA1

      1e689c700794b8545ed722c0be7f644e86a37ec0

    • SHA256

      2dbef10abc332d28d4a41f5ae426d16ce7fb0387ecdb86409fab46eb8cc270ea

    • SHA512

      18410bbf80641bb2dacdd078a5d5237efe6ee50cd9347ba7d4025035216bfb6c09a3c4aecbf0eb15a931773da43c28f6310cb0d2b79e1b85db69ef70c39b96cb

    • SSDEEP

      24576:lgwaY8W87dC0QjhfDggweZKP0Y649fFlAv7Z16hiTucbqE7eNffIe:mLjWsNQtfcgvelffAv7vjyl

    Score
    10/10
    blustealercollectionspywarestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks