Overview

overview

10

Static

static

3

TT_copy.exe

windows7-x64

10

TT_copy.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TT_copy.exe

  • Size

    1.6MB

  • Sample

    230426-scwv6sbh7w

  • MD5

    3acff0b9068df07116870bf461f4f7c1

  • SHA1

    fb7c0e6fcee327e8ed755e8f1c5199f35a3c4723

  • SHA256

    f266e9833cf991a972db594ad7afad2332dfccdd2b7454e49455b759f406bcd2

  • SHA512

    0bf707bc83a739e6ed63a56b76323db9c59fd6a3bfb05c760adc77cf918efddf1d9d4769bc14fc5846e0c1d836e3cefc8169778d8c0182e20a0a368e80c6494d

  • SSDEEP

    49152:zxy+4OponS7iO7PYPhR/vNv1YWsWXLbZG8T0Zh591z:MKpoq57+/tztXLbZJGT

Score
10/10
blustealercollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      TT_copy.exe

    • Size

      1.6MB

    • MD5

      3acff0b9068df07116870bf461f4f7c1

    • SHA1

      fb7c0e6fcee327e8ed755e8f1c5199f35a3c4723

    • SHA256

      f266e9833cf991a972db594ad7afad2332dfccdd2b7454e49455b759f406bcd2

    • SHA512

      0bf707bc83a739e6ed63a56b76323db9c59fd6a3bfb05c760adc77cf918efddf1d9d4769bc14fc5846e0c1d836e3cefc8169778d8c0182e20a0a368e80c6494d

    • SSDEEP

      49152:zxy+4OponS7iO7PYPhR/vNv1YWsWXLbZG8T0Zh591z:MKpoq57+/tztXLbZJGT

    Score
    10/10
    blustealercollectionstealerspyware

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks