General

  • Target

    Invoice and packing list.exe

  • Size

    927KB

  • Sample

    230518-pt5mvsag39

  • MD5

    be243e22ac3aedbbb1c9894a85e0e087

  • SHA1

    76b0bd8ef47a8a569b205672f9700e668f6d0189

  • SHA256

    30a680695af757592455d8768df9999f4b5abb540877e652b93373fb1a693e5b

  • SHA512

    c6121e38d1ac124b2946c3b194cb77a2c417433cd052c5fbaedf03b76478b5eec319e927aa83f9ce64c01943bfd572296865a52901fb721866573723a5ec4160

  • SSDEEP

    24576:uXMJqDbDyXjIonWR3NCGQZbOUAdwKvpqmK:uzLyTIoSsZnAdwK

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5982631795:AAFe1A7BEPv_6ExMz851LxdOAjr_9gqH8zY/sendMessage?chat_id=5968311109

Targets

    • Target

      Invoice and packing list.exe

    • Size

      927KB

    • MD5

      be243e22ac3aedbbb1c9894a85e0e087

    • SHA1

      76b0bd8ef47a8a569b205672f9700e668f6d0189

    • SHA256

      30a680695af757592455d8768df9999f4b5abb540877e652b93373fb1a693e5b

    • SHA512

      c6121e38d1ac124b2946c3b194cb77a2c417433cd052c5fbaedf03b76478b5eec319e927aa83f9ce64c01943bfd572296865a52901fb721866573723a5ec4160

    • SSDEEP

      24576:uXMJqDbDyXjIonWR3NCGQZbOUAdwKvpqmK:uzLyTIoSsZnAdwK

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks