General

  • Target

    Request for Quotation.exe

  • Size

    1.4MB

  • Sample

    230508-samjqabb76

  • MD5

    6194f48fb37a6bb1ba0908abc6b1a537

  • SHA1

    0e80a10e34ca8b23e568f871bdc0eef8f1fe63f2

  • SHA256

    5f323f12b134d9f8718282eeb8d8423c9a6f123545cb8fb4ca3a38b6f8092af1

  • SHA512

    7723660cb65c449ffd73ce457d3c7ce93a4d7703452c7d2f68608e4245420e26fc390a435f4cf3538931d6938568266043e3600e3fe943f531ad696990f7ef25

  • SSDEEP

    24576:m9WFfD+P2kVORHUvU/C88Cx+DDs9hmt9EwONE+D3APRgbUTfNugzT:+U4C4Cx+DQU9EwqTAPRgbfYT

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Request for Quotation.exe

    • Size

      1.4MB

    • MD5

      6194f48fb37a6bb1ba0908abc6b1a537

    • SHA1

      0e80a10e34ca8b23e568f871bdc0eef8f1fe63f2

    • SHA256

      5f323f12b134d9f8718282eeb8d8423c9a6f123545cb8fb4ca3a38b6f8092af1

    • SHA512

      7723660cb65c449ffd73ce457d3c7ce93a4d7703452c7d2f68608e4245420e26fc390a435f4cf3538931d6938568266043e3600e3fe943f531ad696990f7ef25

    • SSDEEP

      24576:m9WFfD+P2kVORHUvU/C88Cx+DDs9hmt9EwONE+D3APRgbUTfNugzT:+U4C4Cx+DQU9EwqTAPRgbfYT

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks