General
-
Target
Invoice and packing list.exe
-
Size
927KB
-
Sample
230518-pt5mvsag39
-
MD5
be243e22ac3aedbbb1c9894a85e0e087
-
SHA1
76b0bd8ef47a8a569b205672f9700e668f6d0189
-
SHA256
30a680695af757592455d8768df9999f4b5abb540877e652b93373fb1a693e5b
-
SHA512
c6121e38d1ac124b2946c3b194cb77a2c417433cd052c5fbaedf03b76478b5eec319e927aa83f9ce64c01943bfd572296865a52901fb721866573723a5ec4160
-
SSDEEP
24576:uXMJqDbDyXjIonWR3NCGQZbOUAdwKvpqmK:uzLyTIoSsZnAdwK
Static task
static1
Behavioral task
behavioral1
Sample
Invoice and packing list.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Invoice and packing list.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5982631795:AAFe1A7BEPv_6ExMz851LxdOAjr_9gqH8zY/sendMessage?chat_id=5968311109
Targets
-
-
Target
Invoice and packing list.exe
-
Size
927KB
-
MD5
be243e22ac3aedbbb1c9894a85e0e087
-
SHA1
76b0bd8ef47a8a569b205672f9700e668f6d0189
-
SHA256
30a680695af757592455d8768df9999f4b5abb540877e652b93373fb1a693e5b
-
SHA512
c6121e38d1ac124b2946c3b194cb77a2c417433cd052c5fbaedf03b76478b5eec319e927aa83f9ce64c01943bfd572296865a52901fb721866573723a5ec4160
-
SSDEEP
24576:uXMJqDbDyXjIonWR3NCGQZbOUAdwKvpqmK:uzLyTIoSsZnAdwK
Score10/10-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-