Analysis
-
max time kernel
127s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
21-01-2024 06:16
General
-
Target
6c90d471c7fa59b51f1a820b0fada9e3.exe
-
Size
2.3MB
-
MD5
6c90d471c7fa59b51f1a820b0fada9e3
-
SHA1
b3ec13231b0bf2cd938c8edb531f6fc087bdb083
-
SHA256
fce1e5d65d8375a41cd61ec690febb3ca3d2b6745194cc7b0f54727bf48197a9
-
SHA512
11da870880f5070a477d9ae76d7ddee310c9e79c164c098a912625c166e7d06af214687b9e1cc4fe9b8345bf7e0b696f790b435467fd5a5a02d9106942cc8197
-
SSDEEP
12288:e7tckxtGtCP7svhJrXFlrO02jle+qcs2eXNPnrEdrE:e7JxUtAsvhRDZO/qcsxXN/odo
Score
10/10
Malware Config
Extracted
Family
blustealer
Credentials
Protocol: smtp- Host:
bojtai.xyz - Port:
587 - Username:
[email protected] - Password:
(mr.GT^Eg#C6
Signatures
-
BluStealer
A Modular information stealer written in Visual Basic.
-
Uses the VBS compiler for execution 1 TTPs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 13 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6c90d471c7fa59b51f1a820b0fada9e3.exe"C:\Users\Admin\AppData\Local\Temp\6c90d471c7fa59b51f1a820b0fada9e3.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"2⤵
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
472KB
-
Filesize
472KB
-
Filesize
472KB
-
Filesize
4KB
-
Filesize
472KB
-
Filesize
472KB
-
Filesize
472KB
-
Filesize
6.9MB
-
Filesize
2.4MB
-
Filesize
256KB
-
Filesize
6.9MB
-
Filesize
256KB