General

  • Target

    13

  • Size

    1.3MB

  • Sample

    230608-m591lsef36

  • MD5

    47e740a60ad3725bf3e8aa0f1ca06602

  • SHA1

    14cdc8c2df7e674eff67104603841113d83b4927

  • SHA256

    13ec1600c34aef86c927c06c2930cc91c57af490d206783263c82a5d3877bd44

  • SHA512

    3cef948a617aef62b2483b34649f631c1f0f9a59308fd2c3a32d049843fa9eb634f46d955a7e1c1ca20c03bad6df8cf59327cb8b23ed095870e217a9940b6214

  • SSDEEP

    12288:/06hthweHJDyHYKeu7oFcN6wLEOcU8od5bkwIf4PghrV1U9REyaXO1fIM0WQCjTr:38oOLEOJ805UP37yao0DCb

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    mail.dphe.gov.bd
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @DphE20#

Targets

    • Target

      13

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks