General

  • Target: 7d233b05022cb83a1e9de30be9cea8f9
  • Size: 836KB
  • Sample: 240128-pqe8ssaeg4
  • MD5: 7d233b05022cb83a1e9de30be9cea8f9
  • SHA1: 1fbdd0cf60c64b6dec5482c5fdbed585e64ab666
  • SHA256: 5f0206e0b04e154ffec77bf3a50d5f863d875b909d13bd1ae4f7dcba79157634
  • SHA512: b4ffd046522da99a6d23bd5e16326bdbe4a761e9da24f2fefbda765de63d8ecc95843776265d409c7b0b993e87a79c66e3f7a0364c65b0cd1fb6dc6156666de2
  • SSDEEP: 12288:o6NGgr2DgqN89btwaMrX0Z18QveE2BgVC4Dm/CODmWMTrYBDOudCPg2g+4F:NNGgrVq+9b6AWQWVBUC4sy3rYDws+4F

Score: 10/10

Malware Config

Extracted

  • Family: blustealer

Credentials

  • Protocol: smtp
  • Host: us2.smtp.mailhostbox.com
  • Port: 587
  • Username: [email protected]
  • Password: %plDEKz1

Targets

    • Target: Scan0007.exe
    • Size: 882KB
    • MD5: 535deefc0c2866703f5a24782aa5b090
    • SHA1: 1065b8088c3c0a21a7b45c32b1f3b27705e17d40
    • SHA256: be7f48bc769105639774263b5a730b3960eac5fac8ba019d19a06aca81ebb946
    • SHA512: f36fac63b6ee1080eb88daf0ad3ffee9a1bb3a1b4afa02e96455b3dbd2aa8fbf7eb32055e477043a7a0363ec14ac3b43ea40260ed91afbff456894680670b5ac
    • SSDEEP: 12288:QUBDMmZriMmjwc+/aOU2xglqHo9a6NWPXjPb9jgTBvY9GhOEGUAV38I:IyrY565glqI46NWPjqBvzOcAm

    Score: 10/10

    • BluStealer: a modular information stealer written in Visual Basic.
    • Suspicious use of SetThreadContext
