Overview

overview

10

Static

static

3

RFQ-06062023.exe

windows7-x64

10

RFQ-06062023.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ-06062023.gz

  • Size

    902KB

  • Sample

    230606-js3h8acf39

  • MD5

    560c5d45495123024cb1939df9dfcf15

  • SHA1

    0125c1b181d64ab8f798dd467d677fb59e03e7e9

  • SHA256

    c88547905262f00bc7ac584b6410b8463e968057e180eda3653c2282d2743899

  • SHA512

    921f54d8e6e0587a431238b01f6f5f456316d621647bbe8c44f523bc66b15be8080d8406faf9026b907946bb64090a5724b6e832e2a6c1b262a2c87bdf2cba49

  • SSDEEP

    12288:4NTWZb8OfMd2En7XpUbKsCTvDM1h/ABVNUyCXK9ejLtn8mvYPdASJcqLFegP44Ml:cTWZb/67Xa4DMzA7rCZL58qydDyf6O

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      RFQ-06062023.exe

    • Size

      994KB

    • MD5

      9c8ebe5eb36367cf02012d0664b97202

    • SHA1

      e1fdfe7d35e0241eb17e501dce0586f37bef4ac7

    • SHA256

      3c4bb89b988346aaae821e6b5ca65572da9e265bf00dfa5d0df0870634711545

    • SHA512

      2ab235608c6e5d97dcd995a4700b99ba863a47674fe34d4981d469a32ad99d085fdaa72a0eed068f8cce79049ec1f24f93d16de0eb068b7a845c6866d482cf0a

    • SSDEEP

      24576:E/thewlqB6pq4ptiyuo0urd0XAa23zgS4mU3yUt7T6O+uw+:se2q8pFpt91yf6U3D7TX+

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks