Overview

overview

10

Static

static

3

e2c74cd730...98.exe

windows7-x64

1

e2c74cd730...98.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    170860057f4aad06ddbeea0ca2b3f1b6.bin

  • Size

    1.3MB

  • Sample

    230428-bggtdacg6z

  • MD5

    97338a302af4ade06e1629e43a50a34e

  • SHA1

    df85489a97525fc659994f81fef4ea7b21c89812

  • SHA256

    52d4c9785ef46a412ea225c41757168d828d77058976963a9232ffa6bf0d9425

  • SHA512

    321985a1f4561f19b667f410c487abca194650197dff57df16e2e5b96fe0cb0097f8aef30664e7ed6af551c05bff1531ce44255618c0bd8622801b3d5de2e15d

  • SSDEEP

    24576:Mh3YoA2ISkgsS9NYYPdNcB8MIobHtEzy7/AdADkRQ0jehMfaNfN+HnMea+lTp/+6:woomSkgLSYPfS8MIobHtCy7WADkR8RN+

Score
10/10
blustealercollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe

    • Size

      1.6MB

    • MD5

      170860057f4aad06ddbeea0ca2b3f1b6

    • SHA1

      db04c735b769df458518f959ae7eca39cfa06213

    • SHA256

      e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998

    • SHA512

      f8bf57126bad026be2414121c798d5688119f06312404c35dea3f457deb717f6422291f5401178586fd23055577f893b4e6236e413c909e3b526c45d3b957766

    • SSDEEP

      24576:uU7taDBzgNEfeEvFTMxdzYPh1ogay/zj1weNgcHFx5MpfTjU/c7jNXPohE:uU7PNBmMxdEvogdzxzHFx+pfTgE7VPI

    Score
    10/10
    blustealercollectionspywarestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks