General

  • Target

    Technical Spec.exe

  • Size

    1.6MB

  • Sample

    230508-htsjzabb8y

  • MD5

    b07439ae25abcf2d281132533f2c4aa4

  • SHA1

    4137af7edd5400e7e87b1ef31ad3d69da6f77d82

  • SHA256

    2a84cd5f54e03590ad92e86ce6618dc5c31cb290e0845bb5de357f8c92af8749

  • SHA512

    9c82e054400eba3459fed20bce1e1fbfe41d4459914ef7d6655ec8b06cf9d4fedf11be0de967de4fa0b167a2d835d603d50d121a5463ac0b28aabe2f4d39316e

  • SSDEEP

    24576:CPKc2E+VeksjscdkmsRzUHr+3KcQh3GgVqIB5WtS4DW3mkh9YnpZq7ZPGAw1c:GpEE3qzULUhgGgVqIL4DWPhWnpAlnw1

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Technical Spec.exe

    • Size

      1.6MB

    • MD5

      b07439ae25abcf2d281132533f2c4aa4

    • SHA1

      4137af7edd5400e7e87b1ef31ad3d69da6f77d82

    • SHA256

      2a84cd5f54e03590ad92e86ce6618dc5c31cb290e0845bb5de357f8c92af8749

    • SHA512

      9c82e054400eba3459fed20bce1e1fbfe41d4459914ef7d6655ec8b06cf9d4fedf11be0de967de4fa0b167a2d835d603d50d121a5463ac0b28aabe2f4d39316e

    • SSDEEP

      24576:CPKc2E+VeksjscdkmsRzUHr+3KcQh3GgVqIB5WtS4DW3mkh9YnpZq7ZPGAw1c:GpEE3qzULUhgGgVqIL4DWPhWnpAlnw1

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks