Extracted

• • Target

    Request for Quotation.exe

  • Size

    1.5MB

  • MD5

    67683d83541b578498d12ddc5828260e

  • SHA1

    679904b6c6101f399811885b42e98c4c8c564e6e

  • SHA256

    9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680

  • SHA512

    fb3080919598e0bedaa3b429e86f498bbbfcfb257a9c92dc9f6c197e2da9bd17328cc762bd97e7cbb770f0d6f1e8c8c05107a59f6204ce8ebc5ad4996e8e709b

  • SSDEEP

    24576:sLOOmjfJ7uGyhgAzbOQ31ubRVTkK09CDg2bCaUwFDyfCTdNuuVIF/gwqb+:sG17uGmPOQ3oNVTkhC/bCaUwpy2wuV32

  Score

  10^/10

  blustealercollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2