General
-
Target
Purchase order 3500354689.exe
-
Size
1.4MB
-
Sample
230511-leb58aee8t
-
MD5
54449cb838ba6a7de0d11f73de31c1af
-
SHA1
4fa134aaab1517fc86d77de166e8cb5dc65943df
-
SHA256
2062e48bd178d835beb3c39a878ea0da87aae5a4a34e3322a12bc3e9e96bf52d
-
SHA512
d9177818bf33a55fda1a4dadd98db20c8f72bea1ee3d43d707ef3ddaaed7af944cc97dfb14d649f916573f201730d6bd39d51506ae314cb38882f59d7be19bc4
-
SSDEEP
24576:KRmht8BU5wGMUq6HxSzB793rWyxLV08a5XwE7uWhDVzeWhWGAUlCwUY/l:3l5MUqF99TxLG8aJ3lZLeUlv/l
Static task
static1
Behavioral task
behavioral1
Sample
Purchase order 3500354689.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Purchase order 3500354689.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325
Targets
-
-
Target
Purchase order 3500354689.exe
-
Size
1.4MB
-
MD5
54449cb838ba6a7de0d11f73de31c1af
-
SHA1
4fa134aaab1517fc86d77de166e8cb5dc65943df
-
SHA256
2062e48bd178d835beb3c39a878ea0da87aae5a4a34e3322a12bc3e9e96bf52d
-
SHA512
d9177818bf33a55fda1a4dadd98db20c8f72bea1ee3d43d707ef3ddaaed7af944cc97dfb14d649f916573f201730d6bd39d51506ae314cb38882f59d7be19bc4
-
SSDEEP
24576:KRmht8BU5wGMUq6HxSzB793rWyxLV08a5XwE7uWhDVzeWhWGAUlCwUY/l:3l5MUqF99TxLG8aJ3lZLeUlv/l
Score10/10-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-