General

  • Target: Invoice3002432223.img.bin
  • Size: 1.6MB
  • Sample: 230505-zj88eagd3t
  • MD5: 521d97311e3c33edfdc9b8d578b04aa5
  • SHA1: 95c923ed0fb716ab3c7bf54272c1dd9cfe2ddad5
  • SHA256: 03101293ef6b23593c4ff95a36528316a1d72c75568a9e9812a100dda87dead2
  • SHA512: c8f8a7ba44afbfd9d61cc155f18f96913ea4ce8df1ea76a1f46ad2ef4b59663cc3e52c41e110f9b82c040d5a6196fb9fc54bf5b2145b2c6c873e7010c08000b5
  • SSDEEP: 24576:TXOGXrxgZIYdflxH28iLJ6fLOscta6VQz5CZporN2OtOzy:TX3rx43g8iLJkLOjs6VkCZ2x1

Malware Config

Extracted

  • Family: blustealer
  • C2: https://api.telegram.org/bot6246601421:AAFrAwaqm-G2V9ysvgyBq2dzNs5Gp-CKwaw/sendMessage?chat_id=5523238206

Targets

  • Target: INVOICE_.EXE
  • Size: 1.0MB
  • MD5: d01af08af1935589ed6974734f764f5a
  • SHA1: 75d31c4f55e98d500abac8a5ab304a559283e9e5
  • SHA256: f7c5b46a0b80bd17ec7af21458bbc2cd7c0873f81218475013b50953a72a887f
  • SHA512: 958a8efa7867077c7dbf66b21090d9186d4757e9f71895ed04ea48d6ba0f79b1a2d7789710921a15f0cdc5d83bf1d5d10260445982555e58bf96101aed026e7c
  • SSDEEP: 24576:vXOGXrxgZIYdflxH28iLJ6fLOscta6VQz5CZporN2OtOzy:vX3rx43g8iLJkLOjs6VkCZ2x1
  • BluStealer: A modular information stealer written in Visual Basic.
  • Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
  • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
  • Loads dropped DLL
  • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and similar secrets.
  • Suspicious use of SetThreadContext
