General

  • Target

    Technical Spec.exe

  • Size

    1.5MB

  • Sample

    230505-rtdv9ach7z

  • MD5

    ebf99fc11603d1ec4706b4330761df32

  • SHA1

    c560ca5ae10593d7861701654d839d1071515866

  • SHA256

    693c258cb5620f7e8714d4afc7215e2c7dc16872265148341db23b639906eecb

  • SHA512

    d31c699f201343bd02c07bbf5d41e00df8368b81bfbb1d037fb4b1e1894fd3b8232e80b065845745fa6dab7f23d47efbb1d8b6a9143f5b7db0fb4a57395c4f4a

  • SSDEEP

    49152:NQh9Nn3uFcWIY2YZGIUtNlMpovD2i9c2:0/37Wp2YPUtNlMG7N

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Technical Spec.exe

    • Size

      1.5MB

    • MD5

      ebf99fc11603d1ec4706b4330761df32

    • SHA1

      c560ca5ae10593d7861701654d839d1071515866

    • SHA256

      693c258cb5620f7e8714d4afc7215e2c7dc16872265148341db23b639906eecb

    • SHA512

      d31c699f201343bd02c07bbf5d41e00df8368b81bfbb1d037fb4b1e1894fd3b8232e80b065845745fa6dab7f23d47efbb1d8b6a9143f5b7db0fb4a57395c4f4a

    • SSDEEP

      49152:NQh9Nn3uFcWIY2YZGIUtNlMpovD2i9c2:0/37Wp2YPUtNlMG7N

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks