General
-
Target
RFQ for supply of Stock Replenishment FI-2023-089.gz
-
Size
768KB
-
Sample
230417-tbt6magg2s
-
MD5
49f8a8d16bdd4d2af2be3a79d7b213a4
-
SHA1
1401ce8fc3f0d28d4ef74cc5e9942ceeb14478f9
-
SHA256
2408a41dc207fa367704b1f16372fedfa2c4163f65daf436d6f8ae2490b9aff6
-
SHA512
ffec50f37556a1e98695b8bd268d9f1f174431ed703894aae3dbc3cdaf79c2c5015c792f87e2175843601989085c869f540c01be1cc65a3ab593aa0d37cde748
-
SSDEEP
24576:ZBkU9NFUst/kzT0fW8yzFQP4Yq8BzNSDtiBRP9o4xTQFuHj:ZG8NftST0fWZzFQAYF0iBfo4QMD
Static task
static1
Behavioral task
behavioral1
Sample
RFQ for supply of Stock Replenishment FI-2023-089.rar
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
RFQ for supply of Stock Replenishment FI-2023-089.rar
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
RFQ for supply of Stock Replenishment FI-2023-089.exe
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
RFQ for supply of Stock Replenishment FI-2023-089.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474
Targets
-
-
Target
RFQ for supply of Stock Replenishment FI-2023-089.gz
-
Size
768KB
-
MD5
49f8a8d16bdd4d2af2be3a79d7b213a4
-
SHA1
1401ce8fc3f0d28d4ef74cc5e9942ceeb14478f9
-
SHA256
2408a41dc207fa367704b1f16372fedfa2c4163f65daf436d6f8ae2490b9aff6
-
SHA512
ffec50f37556a1e98695b8bd268d9f1f174431ed703894aae3dbc3cdaf79c2c5015c792f87e2175843601989085c869f540c01be1cc65a3ab593aa0d37cde748
-
SSDEEP
24576:ZBkU9NFUst/kzT0fW8yzFQP4Yq8BzNSDtiBRP9o4xTQFuHj:ZG8NftST0fWZzFQAYF0iBfo4QMD
Score3/10 -
-
-
Target
RFQ for supply of Stock Replenishment FI-2023-089.exe
-
Size
833KB
-
MD5
c3d43cf53c510fed679a621e5c9d0aea
-
SHA1
a8d367631072c110d99369209782f8ddd6de673f
-
SHA256
2a4fe1060c15849fad34754e02f548fc250f8749ab923f929c7497c0614c760b
-
SHA512
19d006881997d35cc57fff45b1e216d601d83b15045dcc75f8b6b617bb797c838a7cf0c3e0eec1e016817d5f3f429650a88a914bfaa9b9deeb62af18255437a8
-
SSDEEP
12288:El4SNuCXLzEfF0S2FXtBvFD3oNQLp1K6YZQ0MASVbNqRPXnBGTJ:EG9CvEfFv23o2LDK6WQOSVpwXnB2
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-