Resubmissions

17-05-2023 01:49

230517-b8zhhacd81 10

17-05-2023 01:12

230517-bkztcsdc42 10

General

  • Target

    67683d83541b578498d12ddc5828260e.bin

  • Size

    1.3MB

  • Sample

    230517-bkztcsdc42

  • MD5

    19f612964eaabe6983601844aff83647

  • SHA1

    5bd52c3fda8006207a9364f375ad8b91141afebb

  • SHA256

    914ec7967105f367c2c14070b9c8b338354ecd2747f8972202714bb3668f39bc

  • SHA512

    32b87919db994be08280cd3a90aa46cdc242552f25f949344249223e7ee68d595ef6e2d1b763049b088e3ca10da5c0c48639fede1db1cb97f8d24cc1ea442427

  • SSDEEP

    24576:kKuA4sL2vHCf7nhy8O3Pv0qIbFvZAtXPQPOdxuJmkYQ+IaZG2iG3VYyR/4zLt:fuAdL2f4ynoFveXMUujY3IQGPktR/4nt

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe

    • Size

      1.5MB

    • MD5

      67683d83541b578498d12ddc5828260e

    • SHA1

      679904b6c6101f399811885b42e98c4c8c564e6e

    • SHA256

      9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680

    • SHA512

      fb3080919598e0bedaa3b429e86f498bbbfcfb257a9c92dc9f6c197e2da9bd17328cc762bd97e7cbb770f0d6f1e8c8c05107a59f6204ce8ebc5ad4996e8e709b

    • SSDEEP

      24576:sLOOmjfJ7uGyhgAzbOQ31ubRVTkK09CDg2bCaUwFDyfCTdNuuVIF/gwqb+:sG17uGmPOQ3oNVTkhC/bCaUwpy2wuV32

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks