General

  • Target

    d42cd95f4bc95f02825a48054c2bc1d2.bin

  • Size

    776KB

  • Sample

    230505-yj29escf8t

  • MD5

    5f3d875036a61c66cbb49b8065ce0cd1

  • SHA1

    21131306599f44e96ae22a94344d67476617abe1

  • SHA256

    ecb3d88e4ad2cbd22a6d888de32ef236e217b25101123a4767b11656e23ed1ba

  • SHA512

    7045fcddde66c87e570da78dc2046733cb7173ebc441bf7b82248b53dc42540eb7bd329cbf4cda989d5cb55466814cdff0099d99300220653ef776e8f9619370

  • SSDEEP

    24576:V2Q10o4usU3+By4wp56ydPLBdejTsvTePM7X:I+mM4SkydzBdefsvS0T

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe

    • Size

      852KB

    • MD5

      d42cd95f4bc95f02825a48054c2bc1d2

    • SHA1

      edf9a330fe6a0ab953097a573e171ea9a40fe40d

    • SHA256

      1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51

    • SHA512

      ead96568d9707a246ae310737daa2fd7edf4f4c991d339eb8e20ecba7d32705b4ea6893c26f53d9c1520d1391b63e5b0faedaf69385473314afd21297c156cfd

    • SSDEEP

      12288:eH4XxAtOc6iyk7k27IB9mxzMefPXgq1fQu+78rjuLdvWhgzigSLwkVy5A5I4h:j6Uc6i9IKcpeXRdQD0j65egSLlyO5IK

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks