General

  • Target

    07487299.exe

  • Size

    57KB

  • Sample

    230609-h2l26acb31

  • MD5

    f40a160dfddf79de154ad448c33c2e45

  • SHA1

    6edf15758a6618a0e357cf220225c54c10f4fc9f

  • SHA256

    ca43187a938211fe07ce02306e744c6c41b10fb12129d5e9b3c083a23541066f

  • SHA512

    b3f3e333995c946f8902915919da0a0e01866c75f3df577b0706734a65dff783398c2a33876b5b07d8267f5b48eabb3bd1e31ef37ab49f4bf5322c3a0847b503

  • SSDEEP

    1536:UwlxZCBDfbP7W71uMVV1GMeaDySRImGzaref9uT:UwlxZQfbP7WbV1xeuySRIm4ayf9uT

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    mail.dphe.gov.bd
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @DphE20#

Targets

    • Target

      07487299.exe

    • Size

      57KB

    • MD5

      f40a160dfddf79de154ad448c33c2e45

    • SHA1

      6edf15758a6618a0e357cf220225c54c10f4fc9f

    • SHA256

      ca43187a938211fe07ce02306e744c6c41b10fb12129d5e9b3c083a23541066f

    • SHA512

      b3f3e333995c946f8902915919da0a0e01866c75f3df577b0706734a65dff783398c2a33876b5b07d8267f5b48eabb3bd1e31ef37ab49f4bf5322c3a0847b503

    • SSDEEP

      1536:UwlxZCBDfbP7W71uMVV1GMeaDySRImGzaref9uT:UwlxZQfbP7WbV1xeuySRIm4ayf9uT

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks