General

  • Target

    RFQ 21032023.exe.bin

  • Size

    1.5MB

  • Sample

    230501-yw2hnaab5v

  • MD5

    26d46c2c07d584f1a04280f47182e909

  • SHA1

    381ec91ba5c4206be19a10a1cb0d2328a9385d71

  • SHA256

    295ebe6ba820bb813c6e9dd5526bf194a8da0268085ba0fc805f19c1ae3c6186

  • SHA512

    3cd2e063ed27a84cfa2513e76a77f6ed8a7987ff42f1e5e9ab9400491b1cfc0b407945ca09ab1a839807ac850a44a0521aa5fa2f9a90c9bd2df1ee0eefc3c8c0

  • SSDEEP

    24576:D1fkORzjCc1R7CIPVQ/NcnBZuSAszPeo28pW4NiocXtWLezho6OrHRYfDz:Dabc7nyNgqSHzPj3zDYt8EhuWf

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      RFQ 21032023.exe.bin

    • Size

      1.5MB

    • MD5

      26d46c2c07d584f1a04280f47182e909

    • SHA1

      381ec91ba5c4206be19a10a1cb0d2328a9385d71

    • SHA256

      295ebe6ba820bb813c6e9dd5526bf194a8da0268085ba0fc805f19c1ae3c6186

    • SHA512

      3cd2e063ed27a84cfa2513e76a77f6ed8a7987ff42f1e5e9ab9400491b1cfc0b407945ca09ab1a839807ac850a44a0521aa5fa2f9a90c9bd2df1ee0eefc3c8c0

    • SSDEEP

      24576:D1fkORzjCc1R7CIPVQ/NcnBZuSAszPeo28pW4NiocXtWLezho6OrHRYfDz:Dabc7nyNgqSHzPj3zDYt8EhuWf

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks