Analysis

max time kernel: 119s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 06-02-2024 07:15
Static task
static1: 1 signatures

Behavioral task
behavioral1
Sample: 941ffbcc54a5826dde6e2d35f2fc761d.exe
Resource: win7-20231215-en (windows7-x64)
5 signatures, 150 seconds

Behavioral task
behavioral2
Sample: 941ffbcc54a5826dde6e2d35f2fc761d.exe
Resource: win10v2004-20231215-en (windows10-2004-x64)
5 signatures, 150 seconds
General

Target: 941ffbcc54a5826dde6e2d35f2fc761d.exe
Size: 489KB
MD5: 941ffbcc54a5826dde6e2d35f2fc761d
SHA1: fc892954c47237abfc7956450aa13e5ad2d97488
SHA256: 4a0b8f4dbb3acd1bbab1527d90921061bef21f3422250dcc41b8046b77edbd9b
SHA512: 85327aa14dfdd4f7e8fb8387fc8f47066abd5037cb3d080444d17e40fb7d49803b86c5d971b434f872130a152590ac14df1fc3025954625cd9ec637c71b2e635
SSDEEP: 12288:+pxLkSqnEa1yg6PbvF1yC62hkh2pf05T70sZ0XNfM:jaZ1yQC5gXtM
Score
10/10

Malware Config
Extracted
Family: blustealer
Credentials (SMTP exfiltration account recovered from the sample)
Protocol: smtp
Host: mail.dm-teh.com
Port: 587
Username: [email protected]
Password: Vm@(O;CO.vEQ
Signatures

BluStealer
A modular information stealer written in Visual Basic.

Suspicious use of SetThreadContext (1 IoC)
description | pid | Process | procid_target
PID 2640 set thread context of 1060 | 2640 | 941ffbcc54a5826dde6e2d35f2fc761d.exe | 17

Suspicious behavior: MapViewOfSection (1 IoC)
pid | Process
2640 | 941ffbcc54a5826dde6e2d35f2fc761d.exe

Suspicious use of SetWindowsHookEx (1 IoC)
pid | Process
1060 | 941ffbcc54a5826dde6e2d35f2fc761d.exe

Suspicious use of WriteProcessMemory (5 IoCs)
description | pid | Process | procid_target
PID 2640 wrote to memory of 1060 | 2640 | 941ffbcc54a5826dde6e2d35f2fc761d.exe | 17
PID 2640 wrote to memory of 1060 | 2640 | 941ffbcc54a5826dde6e2d35f2fc761d.exe | 17
PID 2640 wrote to memory of 1060 | 2640 | 941ffbcc54a5826dde6e2d35f2fc761d.exe | 17
PID 2640 wrote to memory of 1060 | 2640 | 941ffbcc54a5826dde6e2d35f2fc761d.exe | 17
PID 2640 wrote to memory of 1060 | 2640 | 941ffbcc54a5826dde6e2d35f2fc761d.exe | 17
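Added example, not part of the sandbox report or of any tria.ge tooling: the four signature tables above read as one process-hollowing chain, the first copy of the sample (PID 2640) writing into and then setting the thread context of a second, suspended copy of itself (PID 1060), which installs a Windows hook once it runs. The script below correlates IoC rows constructed from those tables into that verdict; the IoC type, the function names and the record fields are this example's own.

```python
"""Correlate sandbox behaviour IoCs into a process-hollowing verdict.

Added example, not part of the sandbox report. The IoC rows are
constructed from the report's signature tables (parent PID 2640 acting on
child PID 1060, both running the same image); the IoC dataclass,
hollowing_pairs(), post_injection_hooks() and the record fields are this
example's own naming.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

IMAGE = "941ffbcc54a5826dde6e2d35f2fc761d.exe"


@dataclass(frozen=True)
class IoC:
    api: str               # API named by the sandbox signature
    pid: int               # process performing the call
    image: str             # image name of that process
    target: Optional[int]  # PID acted upon, if the signature has one


# Constructed from the report: five WriteProcessMemory calls and one
# SetThreadContext from 2640 into 1060, a MapViewOfSection in 2640, and a
# SetWindowsHookEx from the child once it is running.
SAMPLE_IOCS: List[IoC] = (
    [IoC("WriteProcessMemory", 2640, IMAGE, 1060)] * 5
    + [
        IoC("SetThreadContext", 2640, IMAGE, 1060),
        IoC("MapViewOfSection", 2640, IMAGE, None),
        IoC("SetWindowsHookEx", 1060, IMAGE, None),
    ]
)

# Process list taken from the report's process tree (pid -> image).
PROCESS_IMAGES: Dict[int, str] = {2640: IMAGE, 1060: IMAGE}


def hollowing_pairs(iocs: List[IoC], images: Dict[int, str]) -> List[dict]:
    """Return one record per (parent, child) pair where the parent both
    wrote into the child and set a thread context in it.

    WriteProcessMemory followed by SetThreadContext on the same target is
    the core of process hollowing: write the payload, then point the
    suspended main thread at it. Debuggers do the same, so each record also
    states whether the child runs the parent's own image; a binary spawning
    and overwriting a copy of itself has no benign reason to do so.
    """
    writes: Dict[tuple, int] = defaultdict(int)
    contexts = set()
    for ioc in iocs:
        if ioc.target is None:
            continue
        if ioc.api == "WriteProcessMemory":
            writes[(ioc.pid, ioc.target)] += 1
        elif ioc.api == "SetThreadContext":
            contexts.add((ioc.pid, ioc.target))

    records = []
    for parent, child in sorted(contexts):
        if writes[(parent, child)] == 0:
            continue  # context change with no prior write: not hollowing
        records.append({
            "parent": parent,
            "child": child,
            "writes": writes[(parent, child)],
            "self_image": images.get(parent) == images.get(child),
        })
    return records


def post_injection_hooks(iocs: List[IoC], records: List[dict]) -> List[int]:
    """PIDs of hollowed children that went on to call SetWindowsHookEx,
    the API commonly used by stealers for keystroke capture."""
    children = {r["child"] for r in records}
    return sorted({i.pid for i in iocs
                   if i.api == "SetWindowsHookEx" and i.pid in children})


if __name__ == "__main__":
    found = hollowing_pairs(SAMPLE_IOCS, PROCESS_IMAGES)
    for r in found:
        print(f"hollowing: {r['parent']} -> {r['child']} "
              f"({r['writes']} writes, self-image={r['self_image']})")
    print("hooking children:", post_injection_hooks(SAMPLE_IOCS, found))
```

The same correlation applies to any process-injection IoC feed: the write-then-context-switch pair alone only says "injected", and the same-image check is what turns this report's pair into a confident hollowing call rather than a debugger false positive.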
Processes

1. C:\Users\Admin\AppData\Local\Temp\941ffbcc54a5826dde6e2d35f2fc761d.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\941ffbcc54a5826dde6e2d35f2fc761d.exe"
   PID: 2640
   - Suspicious use of SetThreadContext
   - Suspicious behavior: MapViewOfSection
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\941ffbcc54a5826dde6e2d35f2fc761d.exe (child of PID 2640)
      Command line: "C:\Users\Admin\AppData\Local\Temp\941ffbcc54a5826dde6e2d35f2fc761d.exe"
      PID: 1060
      - Suspicious use of SetWindowsHookEx