General

  • Target

    88a027916f752da075bda9b7ecd5b0c3.bin

  • Size

    1.4MB

  • Sample

    230509-bxmdssdg45

  • MD5

    88a027916f752da075bda9b7ecd5b0c3

  • SHA1

    d46bc97a14dc98b974d045adc92e68f8166a760e

  • SHA256

    6bd883240fc97aff61fdafa84f6b28ac22849b0097dc80c3a4cfa75611cf14b6

  • SHA512

    e7c6ec07edf9f5c0055f3987cad089d27f13b4faebd564d7b8f074a8363b423ace993e2774a33af7d532e0f462acd0fa5bcb540011244981b15a638cbdf81fda

  • SSDEEP

    24576:cqMYZ6521PJMOT2nOXsq9hBYTm+rmGgxe27WcMd6UF6mFp4LqeyfAioI7TSMbEAI:4YZtBJMUXsQsTmMmRx5Wvdf6mgLofAi+

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Purchase Order.exe

    • Size

      1.5MB

    • MD5

      50815feaceafebb93a883fd6790af856

    • SHA1

      9eee055af8be7bc6de2b6a3b869b553758ca741f

    • SHA256

      a894ab5bc1a3a77398b7c8b154acc165d9dc5e4e183e573daa8dda6c969d58f3

    • SHA512

      08fedff0fca35a0be3201f41e2583089284640e98f8597d4b33582e3b0b7157db4d7da0b1587deccd69564911b702fe159e9de9700cf6edee875cbf191d64e0d

    • SSDEEP

      24576:EMQt9u/6kEu3h2ZuJPsbIf0O9AXpTHH6yTuEBEel9DWtJ/qBcME7W+DUn+GOaHjR:Wt9u/6kzwu7sjFpBEeritJ4QB0ZljJ

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks