General

  • Target

    Purchase order 3500354689.exe

  • Size

    1.4MB

  • Sample

    230511-leb58aee8t

  • MD5

    54449cb838ba6a7de0d11f73de31c1af

  • SHA1

    4fa134aaab1517fc86d77de166e8cb5dc65943df

  • SHA256

    2062e48bd178d835beb3c39a878ea0da87aae5a4a34e3322a12bc3e9e96bf52d

  • SHA512

    d9177818bf33a55fda1a4dadd98db20c8f72bea1ee3d43d707ef3ddaaed7af944cc97dfb14d649f916573f201730d6bd39d51506ae314cb38882f59d7be19bc4

  • SSDEEP

    24576:KRmht8BU5wGMUq6HxSzB793rWyxLV08a5XwE7uWhDVzeWhWGAUlCwUY/l:3l5MUqF99TxLG8aJ3lZLeUlv/l

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Purchase order 3500354689.exe

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other locally stored profile data.

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks