General

  • Target

    9d8bd1a80acd712dc10e174cbdad8daa

  • Size

    486KB

  • Sample

    240215-lf16qsde4v

  • MD5

    9d8bd1a80acd712dc10e174cbdad8daa

  • SHA1

    94941990af9a90fc27369e4bf4a1a82e11c536c7

  • SHA256

    6c61d18fadb92cf6235f0d9f708f876f8b8bcaaa6eb7d66d5ed515a60a317d94

  • SHA512

    fa0d8b11d168ec835b483e9ff636e16dc9a71b3df2502d4e1e7bc2880c38cb745d3deef2dbe08ed4d1439bd34a5e835bfcf8bd0893689fa6130eb10404ce3284

  • SSDEEP

    12288:WCYl8CEyYIa2K1jePyf5DNjleenYXacCEwi1lyFZj:WCYlF5HnKSKDvLnYXrpwxFZj

Score
10/10

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    mail.dm-teh.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Vm@(O;CO.vEQ
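The extracted config gives the stealer's exfiltration channel: an authenticated SMTP submission (port 587) to mail.dm-teh.com. The highest-fidelity indicator in it is the password, which is unique to this config and survives a change of mail server, while host plus port only covers this one piece of infrastructure. The following Python is an added example, not code from the sandbox or from the BluStealer sample: it recovers credentials from the client side of an SMTP AUTH PLAIN or AUTH LOGIN exchange (as reassembled from a capture or proxy log) and scores the session against the extracted config. The session transcript is constructed, and the account name in it is a placeholder because the page only shows the username in redacted form.

```python
import base64
import re
from typing import Dict, List, Optional

# Indicators taken from the BluStealer config extracted from this sample.
# The page shows the account name only in redacted form, so the match below
# relies on the host, the port and the password.
EXFIL_HOST = "mail.dm-teh.com"
EXFIL_PORT = 587
EXFIL_PASSWORD = "Vm@(O;CO.vEQ"

AUTH_RE = re.compile(r"^AUTH\s+(PLAIN|LOGIN)(?:\s+(\S+))?$", re.IGNORECASE)


def b64(text: str) -> str:
    """Base64-encode a string the way an SMTP client sends AUTH tokens."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def unb64(token: str) -> Optional[str]:
    """Decode one AUTH token; None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except (ValueError, UnicodeDecodeError):
        return None


def extract_smtp_credentials(client_lines: List[str]) -> List[Dict[str, str]]:
    """Recover credentials from AUTH PLAIN / AUTH LOGIN in client-to-server lines.

    AUTH PLAIN carries "\\0user\\0password" in one base64 blob, either inline on
    the AUTH line or on the following line. AUTH LOGIN sends base64 username and
    base64 password on the next two client lines (the server's "334" prompts are
    on the other side of the stream and are not expected here).
    """
    lines = [ln.strip() for ln in client_lines]

    def at(k: int) -> str:
        return lines[k] if k < len(lines) else ""

    creds: List[Dict[str, str]] = []
    i = 0
    while i < len(lines):
        m = AUTH_RE.match(lines[i])
        if not m:
            i += 1
            continue
        mech, initial = m.group(1).upper(), m.group(2)
        if mech == "PLAIN":
            decoded = unb64(initial or at(i + 1))
            if decoded is not None and decoded.count("\0") == 2:
                _, user, password = decoded.split("\0", 2)
                creds.append({"mechanism": "PLAIN", "username": user, "password": password})
            i += 1 if initial else 2
        else:
            user_tok = initial or at(i + 1)
            pass_idx = i + 1 if initial else i + 2
            user, password = unb64(user_tok), unb64(at(pass_idx))
            if user and password is not None:
                creds.append({"mechanism": "LOGIN", "username": user, "password": password})
            i = pass_idx + 1
    return creds


def match_blustealer_exfil(dst_host: str, dst_port: int, client_lines: List[str]) -> Dict[str, object]:
    """Score one SMTP session against the extracted config.

    A password match fires on its own; a host+port match only fires together
    with an authentication attempt, since legitimate mail to that server is
    possible in principle.
    """
    creds = extract_smtp_credentials(client_lines)
    host_match = dst_host.lower().rstrip(".") == EXFIL_HOST and dst_port == EXFIL_PORT
    password_match = any(c["password"] == EXFIL_PASSWORD for c in creds)
    flagged = password_match or (host_match and bool(creds))
    return {
        "host_match": host_match,
        "password_match": password_match,
        "credentials": creds,
        "verdict": "blustealer-exfil" if flagged else "no-match",
    }


# Constructed client side of an exfil session (not a capture from the sample);
# the account name is a placeholder because the page redacts it.
SAMPLE_SESSION = [
    "EHLO DESKTOP-VICTIM",
    "AUTH LOGIN",
    b64("account@example.invalid"),
    b64(EXFIL_PASSWORD),
    "MAIL FROM:<account@example.invalid>",
    "RCPT TO:<account@example.invalid>",
    "DATA",
]

if __name__ == "__main__":
    print(match_blustealer_exfil(EXFIL_HOST, EXFIL_PORT, SAMPLE_SESSION))
```

For a live feed, point the same functions at the client half of each TCP stream to port 587 (or 25/465 after TLS termination); the credentials are only recoverable where STARTTLS is not used or where the capture sits behind an inspecting proxy, which is also why the password string, not the wire bytes, is the indicator worth sharing.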

Targets

    • Target

      9d8bd1a80acd712dc10e174cbdad8daa

    • Size

      486KB

    • MD5

      9d8bd1a80acd712dc10e174cbdad8daa

    • SHA1

      94941990af9a90fc27369e4bf4a1a82e11c536c7

    • SHA256

      6c61d18fadb92cf6235f0d9f708f876f8b8bcaaa6eb7d66d5ed515a60a317d94

    • SHA512

      fa0d8b11d168ec835b483e9ff636e16dc9a71b3df2502d4e1e7bc2880c38cb745d3deef2dbe08ed4d1439bd34a5e835bfcf8bd0893689fa6130eb10404ce3284

    • SSDEEP

      12288:WCYl8CEyYIa2K1jePyf5DNjleenYXacCEwi1lyFZj:WCYlF5HnKSKDvLnYXrpwxFZj

    Score
    10/10
    • BluStealer

      A modular information stealer written in Visual Basic.

    • Suspicious use of SetThreadContext
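The "Suspicious use of SetThreadContext" signature is the sandbox's behavioural flag; the page does not spell out the surrounding call sequence. The assumed pattern behind it, which is what a practitioner would hunt for, is process hollowing: a child created with CREATE_SUSPENDED, its memory unmapped and overwritten from the parent, the main thread's context redirected with SetThreadContext, then ResumeThread. The Python below is an added example, not sandbox output or code from the sample: it runs that stateful detection over an API trace in a hypothetical "pid api(args) -> ret" line format, with a constructed trace in which the target image (svchost.exe) and all handle values are placeholders.

```python
import re
from typing import Dict, List, Optional, Tuple

CREATE_SUSPENDED = 0x00000004

# Hypothetical trace format, one API call per line:
#   "<pid> <api>(<k>=<v>, ...) -> <k>=<v>, ...|<value>"
TRACE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*?)\)(?:\s*->\s*(?P<ret>.*))?$")

CREATE_APIS = ("CreateProcessA", "CreateProcessW", "CreateProcessInternalW")
WRITE_APIS = ("NtUnmapViewOfSection", "VirtualAllocEx", "NtMapViewOfSection",
              "WriteProcessMemory", "NtWriteVirtualMemory")
CONTEXT_APIS = ("SetThreadContext", "Wow64SetThreadContext", "NtSetContextThread")
RESUME_APIS = ("ResumeThread", "NtResumeThread")


def parse_kv(text: str) -> Dict[str, str]:
    """Parse 'k=v, k=v'; values never contain ', ' in this format."""
    return dict(p.split("=", 1) for p in text.split(", ") if "=" in p)


def parse_trace_line(line: str) -> Optional[Tuple[int, str, Dict[str, str], Dict[str, str]]]:
    m = TRACE_RE.match(line.strip())
    if not m:
        return None
    return int(m["pid"]), m["api"], parse_kv(m["args"]), parse_kv(m["ret"] or "")


def detect_hollowing(trace_lines: List[str]) -> List[Dict[str, object]]:
    """Flag suspended-create -> remote write -> SetThreadContext -> resume chains.

    State is kept per (caller pid, child process handle). Thread handles
    returned by CreateProcess are tied back to that child, so SetThreadContext
    on an unrelated thread (a debugger, a runtime's own threads) does not fire,
    and a suspended child that is resumed without any write into it is ignored.
    """
    children: Dict[Tuple[int, str], Dict[str, object]] = {}
    thread_owner: Dict[Tuple[int, str], Tuple[int, str]] = {}
    findings: List[Dict[str, object]] = []
    for ev in filter(None, map(parse_trace_line, trace_lines)):
        pid, api, args, ret = ev
        if api in CREATE_APIS:
            flags = int(args.get("dwCreationFlags", "0"), 16)
            if flags & CREATE_SUSPENDED and "hProcess" in ret:
                key = (pid, ret["hProcess"])
                image = args.get("lpApplicationName") or args.get("lpCommandLine", "?")
                children[key] = {"image": image, "steps": [api + "(CREATE_SUSPENDED)"]}
                if "hThread" in ret:
                    thread_owner[(pid, ret["hThread"])] = key
        elif api in WRITE_APIS:
            key = (pid, args.get("hProcess", ""))
            if key in children:
                children[key]["steps"].append(api)
        elif api in CONTEXT_APIS or api in RESUME_APIS:
            key = thread_owner.get((pid, args.get("hThread", "")))
            if key is None:
                continue
            steps = children[key]["steps"]
            steps.append(api)
            wrote = any(s in WRITE_APIS for s in steps)
            redirected = any(s in CONTEXT_APIS for s in steps)
            if api in RESUME_APIS and wrote and redirected:
                findings.append({"source_pid": pid, "target_image": children[key]["image"],
                                 "steps": list(steps)})
    return findings


# Constructed trace (not from the sandbox run on this page); image path and
# handles are placeholders.
SAMPLE_TRACE = [
    r"1234 CreateProcessW(lpApplicationName=C:\Windows\System32\svchost.exe, dwCreationFlags=0x4) -> hProcess=0x2c8, hThread=0x2cc",
    r"1234 NtUnmapViewOfSection(hProcess=0x2c8, BaseAddress=0x400000) -> 0",
    r"1234 VirtualAllocEx(hProcess=0x2c8, lpAddress=0x400000, dwSize=0x7a000, flProtect=0x40) -> 0x400000",
    r"1234 WriteProcessMemory(hProcess=0x2c8, lpBaseAddress=0x400000, nSize=0x7a000) -> 1",
    r"1234 SetThreadContext(hThread=0x2cc) -> 1",
    r"1234 ResumeThread(hThread=0x2cc) -> 1",
    # Benign noise: a SetThreadContext with no suspended child behind it.
    r"5678 SetThreadContext(hThread=0x1a0) -> 1",
    r"5678 ResumeThread(hThread=0x1a0) -> 1",
]

if __name__ == "__main__":
    for hit in detect_hollowing(SAMPLE_TRACE):
        print(hit)
```

The detector fires only at ResumeThread, once both a write into the suspended child and a context change on its thread have been seen, which is the point at which the injected code actually runs; matching on SetThreadContext alone, as the raw signature name suggests, would also catch debuggers and some runtimes.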
