General

  • Target

    0bb1c29f4a8c046e798cd9781cc127a7

  • Size

    876KB

  • Sample

    231230-cyxrlacdbm

  • MD5

    0bb1c29f4a8c046e798cd9781cc127a7

  • SHA1

    bbad89c8d04b20f63d36014f00ded3818e595a53

  • SHA256

    139b8756b01add9dcac07d3a0137b0ea49a932fc4804ad0eca63ffc2958eda72

  • SHA512

    4b439bd85c725f104be24956525a6ae1a16dba28fe254695cbd667933d0cce2225e9a0f934ef17e1f5ef65ac033aa6ed72d016e3bed0bf270dd3d1eef12de63f

  • SSDEEP

    12288:+nkguFRskuUAlWC/44toU73kJiIWK4vV9BrFZsk1q1/1Yah2UKbnltqvTmDcN:0kEkuUAlV46zbk6K6VVZsuSYgF+qvH

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @@@@@@

Targets

    • Target

      0bb1c29f4a8c046e798cd9781cc127a7

    • Size

      876KB

    • MD5

      0bb1c29f4a8c046e798cd9781cc127a7

    • SHA1

      bbad89c8d04b20f63d36014f00ded3818e595a53

    • SHA256

      139b8756b01add9dcac07d3a0137b0ea49a932fc4804ad0eca63ffc2958eda72

    • SHA512

      4b439bd85c725f104be24956525a6ae1a16dba28fe254695cbd667933d0cce2225e9a0f934ef17e1f5ef65ac033aa6ed72d016e3bed0bf270dd3d1eef12de63f

    • SSDEEP

      12288:+nkguFRskuUAlWC/44toU73kJiIWK4vV9BrFZsk1q1/1Yah2UKbnltqvTmDcN:0kEkuUAlV46zbk6K6VVZsuSYgF+qvH

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • A310logger Executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks