General

  • Target

    dec7bbc61e5fac7b9dcc798e85c6cffc

  • Size

    2.6MB

  • Sample

    240326-kxtmjsef96

  • MD5

    dec7bbc61e5fac7b9dcc798e85c6cffc

  • SHA1

    353315e4cf6cd85aa6cf574761f7b5e706b35597

  • SHA256

    ff067dcb1df6837231a965295ce09eb39ddc7856b72f23c59f8bd950bcc8c3f8

  • SHA512

    4edb7b2028045a70dc95ff3956904c19499f5442b87f402d7e3f8e0b861c0bb7e25ee906774d8a25e6ee92c428dad8db35881f401e426985e80914fb0129bbfa

  • SSDEEP

    24576:lVe3u2JKwQ1rDRYgkCL9m9YgYXr0hLzwMTR3jllk+x0a2XQFsZxhoED:f9pqOyeMxlpYr

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot1949235546:AAFJ8hWHynuHinrzOjcAE-TQlS6bYGcf8J8/sendMessage?chat_id=1947722068

Targets

    • Target

      dec7bbc61e5fac7b9dcc798e85c6cffc


    • BluStealer

      A modular information stealer written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Suspicious use of SetThreadContext
