General

  • Target

    MT103-Payment-SwiftMesaj.exe

  • Size

    1.0MB

  • Sample

    230718-xdqsrsea2z

  • MD5

    962b447996d774bd6b11a221ab39bd8f

  • SHA1

    aae4d7117ce9f6c493ed6f7c4d41cbc7c4f805f6

  • SHA256

    3752671d8ecafe3de17f8ec3a30ef23f137d8c3cd62683a13f6e9a56db5db4f4

  • SHA512

    23fbaf09f2e267883ed3e7db9c5f6f1512d2d2ca1ac097b23c3fb7183c7991e7c6b1397448ea996a1d24be6b16b3cc2a4b2d70fdb7c23249918d48923535df8e

  • SSDEEP

    24576:8GFKCcW9RoTHfzW/ZOaXxLvppk/suw0kIrhDhq12N3nCAIQ9:8G8CcW9RoT/a/YahLR2/9Yeh220A

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot6120911772:AAEvnEDbWRlbIuD1NP8MtmiY3tQ46T9SQyo/sendMessage?chat_id=6082430866

Targets

    • Target

      MT103-Payment-SwiftMesaj.exe

    • Size

      1.0MB

    • MD5

      962b447996d774bd6b11a221ab39bd8f

    • SHA1

      aae4d7117ce9f6c493ed6f7c4d41cbc7c4f805f6

    • SHA256

      3752671d8ecafe3de17f8ec3a30ef23f137d8c3cd62683a13f6e9a56db5db4f4

    • SHA512

      23fbaf09f2e267883ed3e7db9c5f6f1512d2d2ca1ac097b23c3fb7183c7991e7c6b1397448ea996a1d24be6b16b3cc2a4b2d70fdb7c23249918d48923535df8e

    • SSDEEP

      24576:8GFKCcW9RoTHfzW/ZOaXxLvppk/suw0kIrhDhq12N3nCAIQ9:8G8CcW9RoT/a/YahLR2/9Yeh220A

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks