General

  • Target

    e90e41677f6030ffc3eac62929ced1d9.bin

  • Size

    1.4MB

  • Sample

    230503-cxdbkadd68

  • MD5

    9ba474955dff5b9da32e0e06b566f579

  • SHA1

    bf74d95ac419976dd399e31288a29494bfa0d626

  • SHA256

    7a62f4e361c2f327d6d3949e1d05ba5a9d36bf88e25a1fe567e037bbc8943a94

  • SHA512

    8535229bb576e1729f19550b4e4d4ce0daea13f5f99699e7937a57454c9bf824f0ac9bfb20b934e9701ba2f1eaaf26b3cc9046735ca22956232c2ad77a2b55cf

  • SSDEEP

    24576:lLZkQBnWiEvIvodRKSMY+hg3llP6XysF2CCAEaSJzuRyfElEX:lLZkbj3hM1eVRmZcRuRyfEq

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205.exe

    • Size

      1.6MB

    • MD5

      e90e41677f6030ffc3eac62929ced1d9

    • SHA1

      edb0a2acdec33328a864ac178bfb0b42a2e0d444

    • SHA256

      dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205

    • SHA512

      a2e20c8b160c366baed60adca173587e5c3b94b811f4f52ac3aaab01a0301716e30cc7c7d2a426ee32a6df651021717e4fe097073610860a949e7933468e10fa

    • SSDEEP

      24576:KRKQxWUF61/J27K4mgZB67gTsD6RROjiDefziWX2GDjGBXtnZYx:K4QcUFO34mg367gTOwMMohjw9Z+

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
