Extracted

• • Target

    Purchase Order.exe

  • Size

    1.4MB

  • MD5

    98ac95047944a90076ed642f2b56fc7f

  • SHA1

    e34b95acbdbead3a7057f6e42673bed24aa573c9

  • SHA256

    421845b1fbf3828e4f4fe3e7147f501a422bd6ae755e388a089c67d005770b58

  • SHA512

    8d415d64193df913602752c3004a7a24d7bc0ab29129eda9a1e9653e7cbfbaccb5ada7a1aa4a8b4ea81ff7fc2696fea242caf722e655b43f41cdc952738c5f74

  • SSDEEP

    24576:N8whh2b5/1L3Y5zhzKSYIb34DSNCZlk0pRIIV6Kkcd4UiivgEvyV1jBSH:w91Lo5zgSYUI24ZlkwRI+9WUiiv7vyX0

  Score

  10^/10

  blustealercollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2behavioral3