Overview

overview

10

Static

static

3

Quote 1345 rev.3.exe

windows7-x64

1

Quote 1345 rev.3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quote 1345 rev.3.exe

  • Size

    1.6MB

  • Sample

    230501-redxpshd8w

  • MD5

    e90e41677f6030ffc3eac62929ced1d9

  • SHA1

    edb0a2acdec33328a864ac178bfb0b42a2e0d444

  • SHA256

    dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205

  • SHA512

    a2e20c8b160c366baed60adca173587e5c3b94b811f4f52ac3aaab01a0301716e30cc7c7d2a426ee32a6df651021717e4fe097073610860a949e7933468e10fa

  • SSDEEP

    24576:KRKQxWUF61/J27K4mgZB67gTsD6RROjiDefziWX2GDjGBXtnZYx:K4QcUFO34mg367gTOwMMohjw9Z+

Score
10/10
blustealercollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Quote 1345 rev.3.exe

    • Size

      1.6MB

    • MD5

      e90e41677f6030ffc3eac62929ced1d9

    • SHA1

      edb0a2acdec33328a864ac178bfb0b42a2e0d444

    • SHA256

      dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205

    • SHA512

      a2e20c8b160c366baed60adca173587e5c3b94b811f4f52ac3aaab01a0301716e30cc7c7d2a426ee32a6df651021717e4fe097073610860a949e7933468e10fa

    • SSDEEP

      24576:KRKQxWUF61/J27K4mgZB67gTsD6RROjiDefziWX2GDjGBXtnZYx:K4QcUFO34mg367gTOwMMohjw9Z+

    Score
    10/10
    blustealercollectionspywarestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks