Overview

overview

10

Static

static

3

RFQ 21032023.exe

windows7-x64

10

RFQ 21032023.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ 21032023.gz

  • Size

    960KB

  • Sample

    230605-mskvysge51

  • MD5

    2301043278ee73f6f0ecc6b49ecf45a7

  • SHA1

    0f89207aa8647d59dcd980d8095651e893c46ca7

  • SHA256

    3a40ac14fd18095afb3e8ba414be572421b11bd60d2873132fc704398a472197

  • SHA512

    bf330dfc5db9e87e5888b67476f5279892360eede099d588dc20c3a44d3171cb1faf235f114996e17c29a40123529e4dbd85c30c0d9b3d07e32ef34c6a4a2ad8

  • SSDEEP

    24576:337BW1xLO8LXWgkOPPl6cBnNkTHVH+vmlOpsOEN2:eFvCWHlnBNkh6os

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      RFQ 21032023.exe

    • Size

      1.0MB

    • MD5

      b5092b7033671f564ffa23d3103946c1

    • SHA1

      b93194a6c0b2f0ffffcca6aa88dd554bde9af8fa

    • SHA256

      a6bd799fc4f4fe152be8b5709d8dc3d75fc39c750c7b46c56d0b84970a32883d

    • SHA512

      5ce4c3c507e2176a905336ef9dfa64c509d01445360f56c2b4963663ef046160015fcee5b2830e4a696f09cb4ff4e7983dcab61c567687dd5561aa25e12c8c27

    • SSDEEP

      24576:Hq1U9BqmycgiH75BCYjBjrZ3UnolejhMrnyxZvzgC+TcB3TuflETG7NZ:Ku9Bqmycr7CUJrRRlahMrzfTU8lIO

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks