General
-
Target
641be17bc535de14c143b803d9da4d1b
-
Size
2.3MB
-
Sample
240118-bqzesaaadj
-
MD5
641be17bc535de14c143b803d9da4d1b
-
SHA1
42f20588bebcda54ee7482a01c4c12876d1d11a2
-
SHA256
481040d8ec2c9253e10b7d7bd1712ea29db40c98aae1b58ee21a6f5fcc64854d
-
SHA512
eea941e06e604db321faa5f4cc1c9d6c036b1eb915c517210434bb688a46517db792ff07ca215403a482550b317bd693779ee96f5b588ca02a5ab56d932674a1
-
SSDEEP
12288:Pr2WbxQJ6iVmp153F8bQRs2Wb4xRH3xImOj9a4ENpjPsh10LYoE5UcyZmexxlcUa:PrVbxi66I1F8bQDDW9/Esh10LYo/0
Malware Config
Extracted
blustealer
Protocol: smtp- Host:
bojtai.club - Port:
587 - Username:
[email protected] - Password:
hcx8knJINooP
Targets
-
-
Target
641be17bc535de14c143b803d9da4d1b
-
Size
2.3MB
-
MD5
641be17bc535de14c143b803d9da4d1b
-
SHA1
42f20588bebcda54ee7482a01c4c12876d1d11a2
-
SHA256
481040d8ec2c9253e10b7d7bd1712ea29db40c98aae1b58ee21a6f5fcc64854d
-
SHA512
eea941e06e604db321faa5f4cc1c9d6c036b1eb915c517210434bb688a46517db792ff07ca215403a482550b317bd693779ee96f5b588ca02a5ab56d932674a1
-
SSDEEP
12288:Pr2WbxQJ6iVmp153F8bQRs2Wb4xRH3xImOj9a4ENpjPsh10LYoE5UcyZmexxlcUa:PrVbxi66I1F8bQDDW9/Esh10LYo/0
Score10/10-
BluStealer
A Modular information stealer written in Visual Basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-