Overview

overview

10

Static

static

1

2a52adef89...26.exe

windows7-x64

10

2a52adef89...26.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 05:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a52adef8906a92fa4b4feb96c1b8c26.exe

  • Size

    707KB

  • MD5

    2a52adef8906a92fa4b4feb96c1b8c26

  • SHA1

    5bc7a3c740295e6e0a0c2455be73c5c6669a8171

  • SHA256

    8940eb56fcbcf0b9e9f1ca34b9e2671bf9f0494eed2b00254cc916378337c0bd

  • SHA512

    09f6c07b2d09937aa12c8befcceab02e8069ee661a97dc39af6531ae8277f7c10680eb3375ce2ad8a6111561af829d4ef543220beeeb6b86fdc85b4d44055caf

  • SSDEEP

    12288:aPtYLDXEk6PT0/ZxSnw7NGUNIXIo6RPuxR51ee0PRNuU1:AtYLDUk6Pwkw5dkIo6RjzPv1

Score
10/10
blustealerzgratratstealer

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:     smtp
  • Host:
    restd.xyz
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    E^6666?VJo99/*

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Detect ZGRat V1 34 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a52adef8906a92fa4b4feb96c1b8c26.exe
    "C:\Users\Admin\AppData\Local\Temp\2a52adef8906a92fa4b4feb96c1b8c26.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:456
    • C:\Users\Admin\AppData\Local\Temp\2a52adef8906a92fa4b4feb96c1b8c26.exe
      C:\Users\Admin\AppData\Local\Temp\2a52adef8906a92fa4b4feb96c1b8c26.exe
      2⤵
        PID:3352
      • C:\Users\Admin\AppData\Local\Temp\2a52adef8906a92fa4b4feb96c1b8c26.exe
        C:\Users\Admin\AppData\Local\Temp\2a52adef8906a92fa4b4feb96c1b8c26.exe
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1268

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/456-1-0x00000000748F0000-0x00000000750A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/456-0-0x0000000000710000-0x00000000007C4000-memory.dmp

      Filesize

      720KB

      Download

    • memory/456-2-0x0000000005760000-0x0000000005D04000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/456-3-0x0000000005260000-0x00000000052F2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/456-4-0x0000000005250000-0x0000000005260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/456-5-0x00000000051E0000-0x00000000051EA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/456-6-0x00000000748F0000-0x00000000750A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/456-7-0x0000000005250000-0x0000000005260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/456-8-0x0000000006A90000-0x0000000006B3E000-memory.dmp

      Filesize

      696KB

      Download

    • memory/456-9-0x0000000006E10000-0x0000000006E92000-memory.dmp

      Filesize

      520KB

      Download

    • memory/456-10-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-11-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-13-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-15-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-17-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-29-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-39-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-43-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-57-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-69-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-73-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-71-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-67-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-65-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-63-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-61-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-59-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-55-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-53-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-51-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-49-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-47-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-45-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-41-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-37-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-35-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-33-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-31-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-27-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-25-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-23-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-21-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-19-0x0000000006E10000-0x0000000006E8B000-memory.dmp

      Filesize

      492KB

      Download

    • memory/456-2531-0x00000000748F0000-0x00000000750A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1268-2532-0x0000000000400000-0x0000000000476000-memory.dmp

      Filesize

      472KB

      Download

    • memory/1268-2535-0x0000000000400000-0x0000000000476000-memory.dmp

      Filesize

      472KB

      Download