General

  • Target

    Purchase Order.exe

  • Size

    882KB

  • Sample

    230421-mq39hsha31

  • MD5

    80f8b83ff944f41eb4b301b1976946ec

  • SHA1

    4766b46ebc3674f8198319d6ad164b04e6fe39b2

  • SHA256

    0f9109bc99a6c0cb299d1520099a8ca2d87d8ca4e1806fde417b60cf6dd233f9

  • SHA512

    417e941be626bb36baab3869c77133b8efeeca7d205bfb73ce5a433a459dc2b78e13945e39b3ecd01306b3027c6d53781b3f63debe42a8592e375e3719302e73

  • SSDEEP

    24576:7/nche0sofbtJZf78cOk6K05Gr1Q5c5bv:7PchBJZf7FCGr1Q5Kb

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Purchase Order.exe

    • Size

      882KB

    • MD5

      80f8b83ff944f41eb4b301b1976946ec

    • SHA1

      4766b46ebc3674f8198319d6ad164b04e6fe39b2

    • SHA256

      0f9109bc99a6c0cb299d1520099a8ca2d87d8ca4e1806fde417b60cf6dd233f9

    • SHA512

      417e941be626bb36baab3869c77133b8efeeca7d205bfb73ce5a433a459dc2b78e13945e39b3ecd01306b3027c6d53781b3f63debe42a8592e375e3719302e73

    • SSDEEP

      24576:7/nche0sofbtJZf78cOk6K05Gr1Q5c5bv:7PchBJZf7FCGr1Q5Kb

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks