General

  • Target

    TT_copy.exe.bin

  • Size

    1.6MB

  • Sample

    230501-yz12asge64

  • MD5

    3acff0b9068df07116870bf461f4f7c1

  • SHA1

    fb7c0e6fcee327e8ed755e8f1c5199f35a3c4723

  • SHA256

    f266e9833cf991a972db594ad7afad2332dfccdd2b7454e49455b759f406bcd2

  • SHA512

    0bf707bc83a739e6ed63a56b76323db9c59fd6a3bfb05c760adc77cf918efddf1d9d4769bc14fc5846e0c1d836e3cefc8169778d8c0182e20a0a368e80c6494d

  • SSDEEP

    49152:zxy+4OponS7iO7PYPhR/vNv1YWsWXLbZG8T0Zh591z:MKpoq57+/tztXLbZJGT

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      TT_copy.exe.bin

    • Size

      1.6MB

    • MD5

      3acff0b9068df07116870bf461f4f7c1

    • SHA1

      fb7c0e6fcee327e8ed755e8f1c5199f35a3c4723

    • SHA256

      f266e9833cf991a972db594ad7afad2332dfccdd2b7454e49455b759f406bcd2

    • SHA512

      0bf707bc83a739e6ed63a56b76323db9c59fd6a3bfb05c760adc77cf918efddf1d9d4769bc14fc5846e0c1d836e3cefc8169778d8c0182e20a0a368e80c6494d

    • SSDEEP

      49152:zxy+4OponS7iO7PYPhR/vNv1YWsWXLbZG8T0Zh591z:MKpoq57+/tztXLbZJGT

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks