General

  • Target

    jagymequipment_Order_list_30052023.gz

  • Size

    908KB

  • Sample

    230530-qwkadaab4t

  • MD5

    0e2975ffc2e65246eb2675ef5d9be784

  • SHA1

    b59aa1167838259d4bd9e3186c45631e855724a7

  • SHA256

    77d1b546549b894858e9631d3e9175509fa1890d8c642c3d90a7bdbdb0064929

  • SHA512

    bee82af49634895549d604a328cbe594bd4ee81cb93328489cf86d8859ca76ec32a899c33b6ff3fb84dc365ff096e6f646ac7cd9a936d58f7339add73a930bee

  • SSDEEP

    24576:iSsPkEOnJFKnAGamQqeD29/JhXHB9AmRuxEUyd:i1PkEOJFGapSL3B9AmRuKUW

Malware Config

Extracted

  • Family

    blustealer

  • C2

    https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      jagymequipment_Order_list_30052023.exe

    • Size

      1024KB

    • MD5

      a1effb2cfe2a999d25a2f16a3271b0ec

    • SHA1

      68752a3d1b5c2837829f4b1e9d59fa7529d4ed07

    • SHA256

      45c0d4c42e3d98c94d5ae01270b7b0adfe3de2454520fa7b423f0fc9e2f49603

    • SHA512

      6b335e536919c03b69d60aa645642e253cc12aee2ec9396585114870370f25b3ba5994742b6676c770528a718c3af1ceee086bac93d554b6d043dbd6639301a8

    • SSDEEP

      24576:S9LaVUH999wbJG2Bzr7G9Fvqp8vYtY3aoT55ybAt:+BH9w1Havq6vYS34bA

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks