Overview

overview

10

Static

static

3

Draft BL.exe

windows7-x64

10

Draft BL.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Draft BL.z

  • Size

    797KB

  • Sample

    230627-vxk1hsfg6v

  • MD5

    14cb2b1ed7fcd9e3f9d1ff8e6056efac

  • SHA1

    27bf45c6333465609f560d99639a78ad48d257cd

  • SHA256

    b1bfefffd758eb6a51517edbd4df1ec4494519e35d06a2f411b106c85e9066e9

  • SHA512

    fb1eab2a4f77ffef5f18c0303c93bf2d208aed87d933bbbd2018e8e877e9f5fa7a6bb5902bc2fedcf065f4de3dc81291507f9cd2be8eea6f7ab55d791901bde0

  • SSDEEP

    12288:7QRrmyz1H/mrl/VKE5+4WgLnyfySfgHDMDHLHrFfRZlu3NqTQh/bQAj+h8x:7fS0ISZs/LFJuNqo/W8x

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

    • Target

      Draft BL.exe

    • Size

      823KB

    • MD5

      ad39b3a11ed93999ec47bb2004822923

    • SHA1

      a91442c5fc2a806f2a73110d761f3c2d0923d694

    • SHA256

      642788b753c8802d30666e5d6d2a2e4c9d810583e3af7fcb2983dd219c4526e7

    • SHA512

      839c6a08742c094f8d972300c74e422c93b09082aa512e63e85ae6f4d769c59e09d5c4313ea5f189095dbb257cea32b23785f99efaef40a7ec8692907ca742c6

    • SSDEEP

      24576:GPPBLdk29XW6to9ejUKAQLSiXX/i/SUm:G/LXWexYLqfmSUm

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks