Overview

overview

10

Static

static

3

6f35bb0a76...7c.exe

windows7-x64

1

6f35bb0a76...7c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13dc441ec2f9e3f9aa1f354a4b14d318.bin.bin

  • Size

    1.3MB

  • Sample

    230430-z3tl3adb2x

  • MD5

    3857b5e1ba6b525d71f07d944f1eb6b4

  • SHA1

    d0a388e4e6f82d6d771f6fdab6243cd8e2cdb469

  • SHA256

    85025d82417b78241eb3e406ed633597911e1b73ae5f712f03ee18f60b16324b

  • SHA512

    5cda305dc3008cda5618bb1ca31c8424fe32dff60287f7ca40bcb2a0067da57904a904d9506444305fcc691cfd1e67ddf5e52a310159bb0fc3b1b593e6243028

  • SSDEEP

    24576:gWyN3kZKFiKafxovUBqsGW9uKaXFff3myqMzu/3mGlhcOEa/CnV+5AInLkV:gTFYlqD4Cf/9u2GncOxquAInLkV

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      6f35bb0a7644cfda2468e984269f7febafcb672591a887a8029257dea0801a7c.exe

    • Size

      1.5MB

    • MD5

      13dc441ec2f9e3f9aa1f354a4b14d318

    • SHA1

      05b62c596ca78745d73514cd5d43434929955863

    • SHA256

      6f35bb0a7644cfda2468e984269f7febafcb672591a887a8029257dea0801a7c

    • SHA512

      30f4da77bf1ba35334fc1812a6792bb91396fdc8cc7b918f81c6395a48523079cccc89c7090b5c21c30ab62939fa8663cc695ad7d876f083773f7c85cffc5242

    • SSDEEP

      24576:TwMryIYPOfPFxgvnRnc215nETdxUA6p7GDHDCf0uEywBk1EM8Xzd:Md5PsPfgvRv0gA6pYC52lD

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

      collection

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks