Overview

overview

10

Static

static

3

tmpjmcuumo.exe

windows7-x64

10

tmpjmcuumo.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmpjmcuumo.bin

  • Size

    1.5MB

  • Sample

    230505-ztg7nsgh4t

  • MD5

    39810b7912907fc879004874df0e9e9e

  • SHA1

    f2e51d5e9f644058a8ff4d64458e2914ddf2a364

  • SHA256

    bc61c93084dbe9aebf93114d082667bd696610a81e8fb4bda751204f86d3ea61

  • SHA512

    abd49e8623428a399f665e2157522b6d285cb6c1f77c043eb22038df2ebbfbb21f3823c08dd781be5df043f1ab9b514990ab890bc80086cf33860aa6f4e75b5d

  • SSDEEP

    24576:molqfbt8n/WmtqmZfq/ppZge1+qWMZukXfRtgyCrWw:sxgWm8m+Zj+qbZuq

Score
10/10
blustealercollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      tmpjmcuumo.bin

    • Size

      1.5MB

    • MD5

      39810b7912907fc879004874df0e9e9e

    • SHA1

      f2e51d5e9f644058a8ff4d64458e2914ddf2a364

    • SHA256

      bc61c93084dbe9aebf93114d082667bd696610a81e8fb4bda751204f86d3ea61

    • SHA512

      abd49e8623428a399f665e2157522b6d285cb6c1f77c043eb22038df2ebbfbb21f3823c08dd781be5df043f1ab9b514990ab890bc80086cf33860aa6f4e75b5d

    • SSDEEP

      24576:molqfbt8n/WmtqmZfq/ppZge1+qWMZukXfRtgyCrWw:sxgWm8m+Zj+qbZuq

    Score
    10/10
    blustealercollectionstealerspyware

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks