Overview

overview

10

Static

static

1

RFQ# 437179.exe

windows7-x64

10

RFQ# 437179.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ# 437179.exe

  • Size

    945KB

  • Sample

    230422-bph2eabe44

  • MD5

    b6aeee41b0198e03a004fb0d77d9019d

  • SHA1

    6e0a24b8c8b909a7729d90c62af505ccc310f970

  • SHA256

    dba189ded0db555ce536385f81ad1490d1123534ec89b72acf4f8be65c001eda

  • SHA512

    9e30546d30dfb1d924acbfa3400be101281937c42ca6e8ef3d2c48a40aadefa36ff08a0ec570441419a502e04baa7ed3d561d257acebdfa947dfb8dd647f1ea2

  • SSDEEP

    24576:PyqTC/fI4T3MirauGdpcoL2XoLKmlNMbn/KSDTKR7f:PXMvraSoLNLblNMDhq

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      RFQ# 437179.exe

    • Size

      945KB

    • MD5

      b6aeee41b0198e03a004fb0d77d9019d

    • SHA1

      6e0a24b8c8b909a7729d90c62af505ccc310f970

    • SHA256

      dba189ded0db555ce536385f81ad1490d1123534ec89b72acf4f8be65c001eda

    • SHA512

      9e30546d30dfb1d924acbfa3400be101281937c42ca6e8ef3d2c48a40aadefa36ff08a0ec570441419a502e04baa7ed3d561d257acebdfa947dfb8dd647f1ea2

    • SSDEEP

      24576:PyqTC/fI4T3MirauGdpcoL2XoLKmlNMbn/KSDTKR7f:PXMvraSoLNLblNMDhq

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks