Overview

overview

10

Static

static

3

Request fo...on.exe

windows7-x64

1

Request fo...on.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dc06332b47519e981cee404fdf633560.bin

  • Size

    1.3MB

  • Sample

    230517-b8tx1sdd48

  • MD5

    c56fce091517a636fa5ecaf70e59d4e5

  • SHA1

    59f761e65e2398d23b21a3d8bd5a04493b5bbcc5

  • SHA256

    20ee2801106d4ff80f2b5147544e837a941240cc5b54d4fe026bc16c07c1e516

  • SHA512

    840e66a8cbaf280dff0b2a6eedadf13e99fe14c68991469ad9cd4c7d148ee87175b6c82f4ad42a94851fa6bdfc19a142c2e27809544c697a2da095e1ccc62a3b

  • SSDEEP

    24576:+nOj68g2RKaBUa1IKQaek4KSZIhNHmjHECcx72ThBoM0V4WYlIXPYP8LXmEcdy0:L68LRLBUmIk7H+kGoM0V4IPYkTmE4

Score
10/10
blustealercollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      Request for Quotation.exe

    • Size

      1.5MB

    • MD5

      67683d83541b578498d12ddc5828260e

    • SHA1

      679904b6c6101f399811885b42e98c4c8c564e6e

    • SHA256

      9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680

    • SHA512

      fb3080919598e0bedaa3b429e86f498bbbfcfb257a9c92dc9f6c197e2da9bd17328cc762bd97e7cbb770f0d6f1e8c8c05107a59f6204ce8ebc5ad4996e8e709b

    • SSDEEP

      24576:sLOOmjfJ7uGyhgAzbOQ31ubRVTkK09CDg2bCaUwFDyfCTdNuuVIF/gwqb+:sG17uGmPOQ3oNVTkhC/bCaUwpy2wuV32

    Score
    10/10
    blustealercollectionspywarestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks