Overview

overview

10

Static

static

3

RFQ# 6000263267.exe

windows7-x64

10

RFQ# 6000263267.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    65BCB96689030A956D477CD74E7C8AB7639E36240C1330DE4B29E0C78029CE45

  • Size

    512KB

  • Sample

    230518-cc17wsha72

  • MD5

    abc56e58d20f030aa90a2b5ed8ad034b

  • SHA1

    e2068b0f5cb72fc802174bc6b317466d7dd282b5

  • SHA256

    65bcb96689030a956d477cd74e7c8ab7639e36240c1330de4b29e0c78029ce45

  • SHA512

    7107af1da70536f623a4c0b58e7a58ac83aab42c49d2e55f6384afe240f21356e9f4d54311c9673739954d014d5571541886017531fc3f9801c630089418a688

  • SSDEEP

    12288:dPDjI0ZmrpFGQ2hCp2pkIyGEcgsWw4tz6FFXkN46Cm:OYmrpFGRhVpWt9sWXtziFUN4y

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      RFQ# 6000263267.exe

    • Size

      526KB

    • MD5

      56c8f58ad43f6d3ceedcb459c984cbb0

    • SHA1

      941132c99e72829e3d1447caaa938dc69599c00c

    • SHA256

      71d546589ef99e38123b2fb807bb3e9b2ae88341c1d384e7603a6f867d57b87b

    • SHA512

      a3673469158800abf217751360e39feed141623218275e049f8a3fe152497840f9e423f21e6a91e03e521afe5a8f11c8fb28a7daed38d9ff9273e8cb16d27532

    • SSDEEP

      12288:PYZDn64onVzlCkdx0vbwvbzWLvdUuRvb7E1RBdDWCibbQ+:PYZAZXT0jyPCvb5HEJdKfbc+

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks