Resubmissions

17-04-2023 16:19

230417-tsqjrsfb33 10

17-04-2023 16:08

230417-tk6wsagg5s 10

17-04-2023 15:53

230417-tbt6magg2s 10

17-04-2023 15:30

230417-sxwqxage9v 10

General

  • Target

    RFQ for supply of Stock Replenishment FI-2023-089.gz

  • Size

    768KB

  • Sample

    230417-tbt6magg2s

  • MD5

    49f8a8d16bdd4d2af2be3a79d7b213a4

  • SHA1

    1401ce8fc3f0d28d4ef74cc5e9942ceeb14478f9

  • SHA256

    2408a41dc207fa367704b1f16372fedfa2c4163f65daf436d6f8ae2490b9aff6

  • SHA512

    ffec50f37556a1e98695b8bd268d9f1f174431ed703894aae3dbc3cdaf79c2c5015c792f87e2175843601989085c869f540c01be1cc65a3ab593aa0d37cde748

  • SSDEEP

    24576:ZBkU9NFUst/kzT0fW8yzFQP4Yq8BzNSDtiBRP9o4xTQFuHj:ZG8NftST0fWZzFQAYF0iBfo4QMD

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      RFQ for supply of Stock Replenishment FI-2023-089.gz

    • Size

      768KB

    • MD5

      49f8a8d16bdd4d2af2be3a79d7b213a4

    • SHA1

      1401ce8fc3f0d28d4ef74cc5e9942ceeb14478f9

    • SHA256

      2408a41dc207fa367704b1f16372fedfa2c4163f65daf436d6f8ae2490b9aff6

    • SHA512

      ffec50f37556a1e98695b8bd268d9f1f174431ed703894aae3dbc3cdaf79c2c5015c792f87e2175843601989085c869f540c01be1cc65a3ab593aa0d37cde748

    • SSDEEP

      24576:ZBkU9NFUst/kzT0fW8yzFQP4Yq8BzNSDtiBRP9o4xTQFuHj:ZG8NftST0fWZzFQAYF0iBfo4QMD

    Score
    3/10
    • Target

      RFQ for supply of Stock Replenishment FI-2023-089.exe

    • Size

      833KB

    • MD5

      c3d43cf53c510fed679a621e5c9d0aea

    • SHA1

      a8d367631072c110d99369209782f8ddd6de673f

    • SHA256

      2a4fe1060c15849fad34754e02f548fc250f8749ab923f929c7497c0614c760b

    • SHA512

      19d006881997d35cc57fff45b1e216d601d83b15045dcc75f8b6b617bb797c838a7cf0c3e0eec1e016817d5f3f429650a88a914bfaa9b9deeb62af18255437a8

    • SSDEEP

      12288:El4SNuCXLzEfF0S2FXtBvFD3oNQLp1K6YZQ0MASVbNqRPXnBGTJ:EG9CvEfFv23o2LDK6WQOSVpwXnB2

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks