General

  • Target

    bc61c93084dbe9aebf93114d082667bd696610a81e8fb4bda751204f86d3ea61.zip

  • Size

    1.3MB

  • Sample

    230502-18773scg87

  • MD5

    26051b7de10ec75d457064cb2389c541

  • SHA1

    6e4ed83d85628617c1e8a41ce67427bf8057aee0

  • SHA256

    164790d71da9d108d7baa215cf5336f0fd568d542cd18752688f9f7769dc28b7

  • SHA512

    b9f875f5a8c35b19bc612b11f0a676e6d32da3e2b0ad02d20cf20f7d85ccf264e903b5b365fcee1021c351d0c930ba695f2328dd2fe1d12b32991d43b0c91d3c

  • SSDEEP

    24576:JrMGvSVKb+A+sR21H25r6rP7yrCTlyKSSbUZEIlPzvzv0xuAzEQEr:5MGqVeN+sRrer7ailyUUVlbbv0xyr

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      bc61c93084dbe9aebf93114d082667bd696610a81e8fb4bda751204f86d3ea61.exe

    • Size

      1.5MB

    • MD5

      39810b7912907fc879004874df0e9e9e

    • SHA1

      f2e51d5e9f644058a8ff4d64458e2914ddf2a364

    • SHA256

      bc61c93084dbe9aebf93114d082667bd696610a81e8fb4bda751204f86d3ea61

    • SHA512

      abd49e8623428a399f665e2157522b6d285cb6c1f77c043eb22038df2ebbfbb21f3823c08dd781be5df043f1ab9b514990ab890bc80086cf33860aa6f4e75b5d

    • SSDEEP

      24576:molqfbt8n/WmtqmZfq/ppZge1+qWMZukXfRtgyCrWw:sxgWm8m+Zj+qbZuq

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks