General
-
Target
Request for Quotation.exe
-
Size
1.4MB
-
Sample
230508-samjqabb76
-
MD5
6194f48fb37a6bb1ba0908abc6b1a537
-
SHA1
0e80a10e34ca8b23e568f871bdc0eef8f1fe63f2
-
SHA256
5f323f12b134d9f8718282eeb8d8423c9a6f123545cb8fb4ca3a38b6f8092af1
-
SHA512
7723660cb65c449ffd73ce457d3c7ce93a4d7703452c7d2f68608e4245420e26fc390a435f4cf3538931d6938568266043e3600e3fe943f531ad696990f7ef25
-
SSDEEP
24576:m9WFfD+P2kVORHUvU/C88Cx+DDs9hmt9EwONE+D3APRgbUTfNugzT:+U4C4Cx+DQU9EwqTAPRgbfYT
Static task
static1
Behavioral task
behavioral1
Sample
Request for Quotation.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Request for Quotation.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325
Targets
-
-
Target
Request for Quotation.exe
-
Size
1.4MB
-
MD5
6194f48fb37a6bb1ba0908abc6b1a537
-
SHA1
0e80a10e34ca8b23e568f871bdc0eef8f1fe63f2
-
SHA256
5f323f12b134d9f8718282eeb8d8423c9a6f123545cb8fb4ca3a38b6f8092af1
-
SHA512
7723660cb65c449ffd73ce457d3c7ce93a4d7703452c7d2f68608e4245420e26fc390a435f4cf3538931d6938568266043e3600e3fe943f531ad696990f7ef25
-
SSDEEP
24576:m9WFfD+P2kVORHUvU/C88Cx+DDs9hmt9EwONE+D3APRgbUTfNugzT:+U4C4Cx+DQU9EwqTAPRgbfYT
Score10/10-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-