General

  • Target

    df95aae6381d28eb50962bffde872747

  • Size

    505KB

  • Sample

    240326-tr9w1sea39

  • MD5

    df95aae6381d28eb50962bffde872747

  • SHA1

    4e6b4bbabc63f1cb5b0704d00d93defd9c464ca8

  • SHA256

    95ae532a3078fcb5d6541ab5789497e4cf3919ee5fbb09f33af55ac763280641

  • SHA512

    1701237f9312aeece6dbfe37be25daca8bb7a63cd94f983abb14d703e440f5d40e19aba9daccc3812b0dd842df1cdaef6a2053c1d9d201a57dc8df58e22c54ef

  • SSDEEP

    12288:Sp7a5IxyWpnNQ5nucJZn7yJrz9WLu/h6P/Y2aw29wkhAvIj1robqeFhcl9p:e7a5IxnkuAECPb/k3joF2lz

Score
10/10

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    mail.farm-finn.com
  • Port:
    587
  • Username:
    shan@farm-finn.com
  • Password:
    shanti@shant

Targets

    Score
    10/10
    • BluStealer

      A modular information stealer written in Visual Basic.

    • Suspicious use of SetThreadContext
