General

  • Target: 10660518138.zip
  • Size: 886KB
  • Sample: 230605-jvsf2afh9y
  • MD5: 1d0e4d053627678d0d6a60bbc8f4fb4c
  • SHA1: 1eef54f921257564242e5cd10228c2597bcb2386
  • SHA256: 55b486f7e3eb481c395c5bc295d5d4cb85d0318e3185cbad9eeac17b1fd7abcf
  • SHA512: dfb3c2904ad274748a3cbaff522581a8261cc26eac22c293ea32f09aa1a21f7c7790b827831a66a73129de3821720ce634423444d2ae7e1dbe769e76d569554a
  • SSDEEP: 12288:cpNy9df1HRxySRdDn6Qd0RxrkujFYkj6HMTvCgh3Fw2jhq7esmXfdMg5/K2YiPeg:UORgRlykjPTvB1jjhgrmvdTde1tZex

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol: smtp
  • Host: mail.dphe.gov.bd
  • Port: 587
  • Username: [email protected]
  • Password: @DphE20#

Targets

    • Target: 13ec1600c34aef86c927c06c2930cc91c57af490d206783263c82a5d3877bd44
    • Size: 1.3MB
    • MD5: 47e740a60ad3725bf3e8aa0f1ca06602
    • SHA1: 14cdc8c2df7e674eff67104603841113d83b4927
    • SHA256: 13ec1600c34aef86c927c06c2930cc91c57af490d206783263c82a5d3877bd44
    • SHA512: 3cef948a617aef62b2483b34649f631c1f0f9a59308fd2c3a32d049843fa9eb634f46d955a7e1c1ca20c03bad6df8cf59327cb8b23ed095870e217a9940b6214
    • SSDEEP: 12288:/06hthweHJDyHYKeu7oFcN6wLEOcU8od5bkwIf4PghrV1U9REyaXO1fIM0WQCjTr:38oOLEOJ805UP37yao0DCb

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks