General
Target: MT103-Payment-SwiftMesaj.exe
Size: 1.0MB
Sample: 230718-xdqsrsea2z
MD5: 962b447996d774bd6b11a221ab39bd8f
SHA1: aae4d7117ce9f6c493ed6f7c4d41cbc7c4f805f6
SHA256: 3752671d8ecafe3de17f8ec3a30ef23f137d8c3cd62683a13f6e9a56db5db4f4
SHA512: 23fbaf09f2e267883ed3e7db9c5f6f1512d2d2ca1ac097b23c3fb7183c7991e7c6b1397448ea996a1d24be6b16b3cc2a4b2d70fdb7c23249918d48923535df8e
SSDEEP: 24576:8GFKCcW9RoTHfzW/ZOaXxLvppk/suw0kIrhDhq12N3nCAIQ9:8G8CcW9RoT/a/YahLR2/9Yeh220A
Static task: static1
Behavioral task: behavioral1
  Sample: MT103-Payment-SwiftMesaj.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: MT103-Payment-SwiftMesaj.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: blustealer
https://api.telegram.org/bot6120911772:AAEvnEDbWRlbIuD1NP8MtmiY3tQ46T9SQyo/sendMessage?chat_id=6082430866
Targets
Target: MT103-Payment-SwiftMesaj.exe
Size: 1.0MB
MD5: 962b447996d774bd6b11a221ab39bd8f
SHA1: aae4d7117ce9f6c493ed6f7c4d41cbc7c4f805f6
SHA256: 3752671d8ecafe3de17f8ec3a30ef23f137d8c3cd62683a13f6e9a56db5db4f4
SHA512: 23fbaf09f2e267883ed3e7db9c5f6f1512d2d2ca1ac097b23c3fb7183c7991e7c6b1397448ea996a1d24be6b16b3cc2a4b2d70fdb7c23249918d48923535df8e
SSDEEP: 24576:8GFKCcW9RoTHfzW/ZOaXxLvppk/suw0kIrhDhq12N3nCAIQ9:8G8CcW9RoT/a/YahLR2/9Yeh220A
Score: 10/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext