General

  • Target

    3d695f1b4db5a0635d43e1cd1b9d48ae.bin.bin

  • Size

    781KB

  • Sample

    230430-3ny5sabh5v

  • MD5

    334c2103c82168a143082fa2cc8b1027

  • SHA1

    770f4d5db3f31e11c1857a39c7712ebdbd7f52dd

  • SHA256

    f4537ab3fdeb176d352dca40facb96f493d634f7d03140e2275be2ea33678e33

  • SHA512

    beb0e5de5e97b10504a3851356127ca75b5421d67a9e8737e76f74370f226f4a5de7963a02848d7dabf131c756e0b64bcef3736c5c7ad2e7694be3ad1d3784c0

  • SSDEEP

    12288:sXV3VpViR/z+L5kUV8IoeB1tqnrSz6cSnGO8OCk0CdbOAbda1Wo6VFBHb/a:sXxBM/wkTW1Enmz6NGOlCkVbOAGWv/a

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      a83688213da481b066908e16d7a2206180627bcef8c69e4fe756dc06c5c35ec0.exe

    • Size

      851KB

    • MD5

      3d695f1b4db5a0635d43e1cd1b9d48ae

    • SHA1

      377936812ab222b69380049be6ad28208e135603

    • SHA256

      a83688213da481b066908e16d7a2206180627bcef8c69e4fe756dc06c5c35ec0

    • SHA512

      268e47ebb3d159ee3c33a0b0b5d8c4a272430544c01ff2c66c7918fabcba66e784edebd435e1200f0c0ce44c317b771f3b076d4548f9fbcd905079d47a434185

    • SSDEEP

      12288:Y+vTN8RVtfK8cyo7qyy8SpCrqLKL2MhkHEmY4FrHSzn7rwR8mGyqF7qbnZ4Xb:Y6TNUVU8cmJ4rM3akk14JH+n78Z4Xb

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks