General

  • Target

    f6ca0052f508770f499eaddb5dfdefa5_JaffaCakes118

  • Size

    715KB

  • Sample

    240417-29mhfaad6s

  • MD5

    f6ca0052f508770f499eaddb5dfdefa5

  • SHA1

    83b1cdaa08b1e5c32b5baed55c22608ce9d01944

  • SHA256

    01dccd80e7c6948853bacb394d25995d5886f84c05bfbb506b4c5862d8221901

  • SHA512

    cc6c3739d611d66a7b3aeb248212c97cad3341e989d0855dd2d960464b656eb2cb4facaff0bda95632d415e40d06f94af2e13c6105caa1263a9bfb4f21dde2d1

  • SSDEEP

    12288:8AIfVYIdFMXgcisxVmXldFPaNGhC5VMgSxLH49TWwp8u911p0ziyMtSUPaTfrgKy:2V5zMbiMVAlbPaNG2egFTW+8AsiAUPa6

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    restd.club
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    mQJrXsvkEb#S

Targets

    • Target

      f6ca0052f508770f499eaddb5dfdefa5_JaffaCakes118

    • Size

      715KB

    • MD5

      f6ca0052f508770f499eaddb5dfdefa5

    • SHA1

      83b1cdaa08b1e5c32b5baed55c22608ce9d01944

    • SHA256

      01dccd80e7c6948853bacb394d25995d5886f84c05bfbb506b4c5862d8221901

    • SHA512

      cc6c3739d611d66a7b3aeb248212c97cad3341e989d0855dd2d960464b656eb2cb4facaff0bda95632d415e40d06f94af2e13c6105caa1263a9bfb4f21dde2d1

    • SSDEEP

      12288:8AIfVYIdFMXgcisxVmXldFPaNGhC5VMgSxLH49TWwp8u911p0ziyMtSUPaTfrgKy:2V5zMbiMVAlbPaNG2egFTW+8AsiAUPa6

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks