Extracted

• • Target

    TT copy.exe.bin

  • Size

    1.6MB

  • MD5

    3acff0b9068df07116870bf461f4f7c1

  • SHA1

    fb7c0e6fcee327e8ed755e8f1c5199f35a3c4723

  • SHA256

    f266e9833cf991a972db594ad7afad2332dfccdd2b7454e49455b759f406bcd2

  • SHA512

    0bf707bc83a739e6ed63a56b76323db9c59fd6a3bfb05c760adc77cf918efddf1d9d4769bc14fc5846e0c1d836e3cefc8169778d8c0182e20a0a368e80c6494d

  • SSDEEP

    49152:zxy+4OponS7iO7PYPhR/vNv1YWsWXLbZG8T0Zh591z:MKpoq57+/tztXLbZJGT

  Score

  10^/10

  blustealercollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2