General

  • Target

    e1d4a036b94386f0d33843622fab1bad

  • Size

    1.8MB

  • Sample

    240327-q9p3sade64

  • MD5

    e1d4a036b94386f0d33843622fab1bad

  • SHA1

    ea5e11f919586f87d34a8039afb9308b93a07f63

  • SHA256

    ab7e2f3d96941792e0be9139f29d555c350123f8be701c6cd0f132c98f351407

  • SHA512

    83d6c35c9524add1df097f5e66ab72f0a2e4bf818ec5ab5c9d01631a920f6cf35c88952b7ae936eaedc85ede7301ac9988ad5326cc9fd904eaeee78046b28d58

  • SSDEEP

    49152:fhZUoHMjmCm6Ud+zyXc6dnS3vt05IVqCVhT6DDt:fhZUosjmCmN+mRnI+m6

Score
10/10

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    mail.dm-teh.com
  • Port:
    587
  • Username:
    office@dm-teh.com
  • Password:
    Vm@(O;CO.vEQ
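The extracted configuration is the actionable part of this report: the sample exfiltrates stolen data over SMTP submission (port 587) to mail.dm-teh.com, authenticating as office@dm-teh.com. Those credentials belong to the operator's drop mailbox; the right response is to block and alert on the host and account and to report the abuse to the mail provider, not to log in to it. The script below is an added example (it is not part of the sandbox report and not tria.ge's code): it turns the hashes and SMTP settings listed above into a reusable check that (a) verifies a file on disk against all four report digests rather than MD5 alone, and (b) flags SMTP sessions that match the exfiltration settings. The log lines are constructed for the example and their JSON field names (host, port, mailfrom, src) are an assumption; map them to your own sensor's schema.

```python
"""Reuse the BluStealer indicators from the sandbox report as an IOC check.

Added example, not part of the report. Hashes and SMTP settings are copied
from the report; the log format and the sample log lines are assumptions
constructed for illustration.
"""
import hashlib
import io
import json
from typing import Dict, Iterable, List

# Indicators copied from the report above.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "e1d4a036b94386f0d33843622fab1bad",
    "sha1": "ea5e11f919586f87d34a8039afb9308b93a07f63",
    "sha256": "ab7e2f3d96941792e0be9139f29d555c350123f8be701c6cd0f132c98f351407",
    "sha512": "83d6c35c9524add1df097f5e66ab72f0a2e4bf818ec5ab5c9d01631a920f6cf3"
              "5c88952b7ae936eaedc85ede7301ac9988ad5326cc9fd904eaeee78046b28d58",
}
EXFIL_HOST = "mail.dm-teh.com"
EXFIL_PORT = 587                  # SMTP submission port from the config
EXFIL_USER = "office@dm-teh.com"  # account the stealer authenticates as


def hash_stream(stream, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute the four digests the report lists in a single pass over the data."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for digest in digests.values():
            digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (tests, extracted payloads)."""
    return hash_stream(io.BytesIO(data))


def is_known_sample(computed: Dict[str, str]) -> bool:
    """True only when every listed digest matches.

    Requiring all four avoids trusting an MD5-only match: MD5 is collision
    prone, and a partial match more likely signals a transcription error.
    """
    return all(computed.get(name) == value for name, value in SAMPLE_HASHES.items())


def scan_smtp_log(lines: Iterable[str]) -> List[dict]:
    """Flag SMTP sessions that match the extracted exfiltration settings.

    Assumed input: JSON lines with host, port, mailfrom and src fields.
    A hit on the host alone, or on the drop account on port 587, is kept so
    the check still fires when the log records only an IP for the host.
    """
    hits: List[dict] = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the whole scan
        host = str(rec.get("host", "")).lower().rstrip(".")
        mailfrom = str(rec.get("mailfrom", "")).lower()
        reasons = []
        if host == EXFIL_HOST:
            reasons.append("exfil host")
        if rec.get("port") == EXFIL_PORT and mailfrom == EXFIL_USER:
            reasons.append("exfil account on submission port")
        if reasons:
            hits.append({"src": rec.get("src"), "host": host, "reasons": reasons})
    return hits


# Constructed log lines (not real telemetry): one benign session, one full
# match, one match on account only, and one malformed line.
SAMPLE_LOG = """
{"ts":"2024-03-27T12:01:05Z","src":"10.0.0.21","host":"smtp.office365.com","port":587,"mailfrom":"user@corp.example"}
{"ts":"2024-03-27T12:03:44Z","src":"10.0.0.21","host":"mail.dm-teh.com","port":587,"mailfrom":"office@dm-teh.com"}
{"ts":"2024-03-27T12:03:51Z","src":"10.0.0.22","host":"","port":587,"mailfrom":"office@dm-teh.com"}
not a json line
"""

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "matches report sample:", is_known_sample(hash_stream(fh)))
    for hit in scan_smtp_log(SAMPLE_LOG.splitlines()):
        print("ALERT", hit)
```

Run it with one or more file paths to compare them against the report's digests; the log scan runs over the constructed lines and prints two alerts (the 10.0.0.21 session matching both host and account, and the 10.0.0.22 session matching the account only).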

Targets

    • Target

      e1d4a036b94386f0d33843622fab1bad

    • Size

      1.8MB

    • MD5

      e1d4a036b94386f0d33843622fab1bad

    • SHA1

      ea5e11f919586f87d34a8039afb9308b93a07f63

    • SHA256

      ab7e2f3d96941792e0be9139f29d555c350123f8be701c6cd0f132c98f351407

    • SHA512

      83d6c35c9524add1df097f5e66ab72f0a2e4bf818ec5ab5c9d01631a920f6cf35c88952b7ae936eaedc85ede7301ac9988ad5326cc9fd904eaeee78046b28d58

    • SSDEEP

      49152:fhZUoHMjmCm6Ud+zyXc6dnS3vt05IVqCVhT6DDt:fhZUosjmCmN+mRnI+m6

    Score
    10/10
    • BluStealer

      A modular information stealer written in Visual Basic.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

      The sample calls SetThreadContext, an API commonly used to redirect a suspended thread into injected code (for example in process hollowing); treat it as an injection indicator alongside the packer detection above.

MITRE ATT&CK Matrix

Tasks