General

  • Target

    0ferta y demanda_CIF--B-62326O21.iso.bin

  • Size

    1.2MB

  • Sample

    230430-2n3mjaha4w

  • MD5

    fe5bead276e836ad875307ba81154b68

  • SHA1

    1d9f2a3b6551f291a54e1fff8166fd6edf796340

  • SHA256

    9c71b54c43e5cabec212c1a02317da8c51915aec8944ea88a84e7a5490ceb1a3

  • SHA512

    66d0bd438f1ee43f437db48186a4759a15acd18ea4ab9275c67e6c04d1a7d3b1cd444d484974f940d94292179ff736af459b6aa9a328b42a1dc35956cc4f48c4

  • SSDEEP

    6144:FH6xBmSbrrTTCgb9/z2qBop/Nkt9Tdz/6R36:lAWgbdgp/NktrWR

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377

Targets

    • Target

      0FERTA_Y.EXE

    • Size

      202KB

    • MD5

      a9419910dc159e785f4f7d060b99703d

    • SHA1

      164c8c53881f9e65d19233c6b9eed1d0231e7cfb

    • SHA256

      56fe514e3ea3eda0569cf8b79741fe9ed9b391fe06f07b33d847ccdd7fda18ae

    • SHA512

      f8dad0c0825aab81f9ad4ca4d138b7e653181b3c4d9ad8162f99568ea55168b82265097afa8be8afc23ad571547647b32bf49f0247fbe14b67269e8144b80358

    • SSDEEP

      6144:tH6xBmSbrrTTCgb9/z2qBop/Nkt9Tdz/6R36:tAWgbdgp/NktrWR

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks