General

  • Target

    fda687e3f7ee2e46c4094d557f137ff8_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240420-zym9gshh86

  • MD5

    fda687e3f7ee2e46c4094d557f137ff8

  • SHA1

    f1e13dd8b5f869045bdc15de6303e5cfcc7c4cff

  • SHA256

    674a7b749bea309b2f9157e187a92fc0da9ce79b3a9ee4f3c85e6b58dd961789

  • SHA512

    d47b72db111b19669d8bf5575fedc11bb01ff220b0929b09dd061efd612f55093d708fe5007f0e60732defd5de6868e898fba55270b0fa449f5ab766097109e0

  • SSDEEP

    24576:/WN565751UbTCg1XJ2qg4rSs3S1KqFHTwfs89UrmMnfk/iQ2+S0d:/q65rUbTCg1wFsqBZMfsaU9fk/Pj

Score
10/10

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    mail.starkgulf.com
  • Port:
    587
  • Username:
    info@starkgulf.com
  • Password:
    info123#
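
The extracted configuration is the actionable part of this report: BluStealer exfiltrates harvested data over SMTP, so the mail host, port and account above are the indicators to hunt for in DNS, firewall and proxy telemetry, and the hashes are what to match a suspect file against. The following Python is an added triage example, not code from the sandbox or from the malware. The hashes, host, port and username are copied from this report; the log lines, their format, the 203.0.113.x address and the sample bytes are constructed for the demonstration. The harvested password is deliberately not used: authenticating to the attacker's mailbox is neither lawful nor useful, and if the starkgulf.com domain is yours the credential should simply be rotated.

```python
"""Triage helpers for the BluStealer sample in this report (added example).

Indicators are copied from the sandbox report; all log data is constructed.
"""
import hashlib
import re
from dataclasses import dataclass

# File hashes copied from the report, used to confirm a suspect file is this sample.
SAMPLE_HASHES = {
    "md5": "fda687e3f7ee2e46c4094d557f137ff8",
    "sha1": "f1e13dd8b5f869045bdc15de6303e5cfcc7c4cff",
    "sha256": "674a7b749bea309b2f9157e187a92fc0da9ce79b3a9ee4f3c85e6b58dd961789",
    "sha512": "d47b72db111b19669d8bf5575fedc11bb01ff220b0929b09dd061efd612f55093d708fe5007f0e60732defd5de6868e898fba55270b0fa449f5ab766097109e0",
}

# Exfiltration endpoint copied from the extracted config (password intentionally omitted).
EXFIL_HOST = "mail.starkgulf.com"
EXFIL_PORT = 587
EXFIL_USER = "info@starkgulf.com"


def hash_file_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, so a file can be matched
    on content rather than on its (easily renamed) filename."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only when every digest matches; one mismatch means a different file."""
    return hash_file_bytes(data) == SAMPLE_HASHES


# Constructed telemetry in a simplified "ts src dst:port proto extra" format
# (not real logs). 203.0.113.45 is a documentation address standing in for the
# resolved mail server; 10.0.5.23 plays the infected host.
SAMPLE_LOGS = """\
2024-04-20T09:12:01Z 10.0.5.23 10.0.5.1:53 udp A? mail.starkgulf.com
2024-04-20T09:12:02Z 10.0.5.23 203.0.113.45:587 tcp SNI=mail.starkgulf.com
2024-04-20T09:12:02Z 10.0.5.23 203.0.113.45:587 tcp SMTP AUTH LOGIN info@starkgulf.com
2024-04-20T09:13:10Z 10.0.5.40 198.51.100.7:443 tcp SNI=update.example.org
2024-04-20T09:14:00Z 10.0.5.41 192.0.2.9:587 tcp SMTP AUTH LOGIN alice@corp.example
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>[^:]+):(?P<port>\d+) (?P<proto>\S+) (?P<extra>.*)$"
)


@dataclass
class Hit:
    ts: str
    src: str
    reason: str


def find_exfil_attempts(log_text: str) -> list:
    """Flag hosts that look up or connect to the exfil mail server, or that
    authenticate as the harvested account over the submission port.

    Port 587 on its own is NOT flagged: legitimate mail submission uses it
    too (the alice@corp.example line is the negative case)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # tolerate unparseable lines instead of aborting the hunt
        extra = m.group("extra")
        reason = None
        if EXFIL_HOST in extra:
            reason = f"contact with {EXFIL_HOST}"
        elif int(m.group("port")) == EXFIL_PORT and EXFIL_USER in extra:
            reason = f"SMTP auth as {EXFIL_USER}"
        if reason:
            hits.append(Hit(m.group("ts"), m.group("src"), reason))
    return hits


def affected_hosts(log_text: str) -> list:
    """Distinct source addresses with at least one hit, for containment."""
    return sorted({h.src for h in find_exfil_attempts(log_text)})


if __name__ == "__main__":
    print("constructed bytes match sample:", matches_sample(b"not the sample"))
    for h in find_exfil_attempts(SAMPLE_LOGS):
        print(h)
    print("hosts to isolate:", affected_hosts(SAMPLE_LOGS))
```

The same three indicators translate directly into blocking rules: sinkhole or deny mail.starkgulf.com at the resolver, alert on any outbound connection to it on 587, and treat an SMTP AUTH as info@starkgulf.com from an internal host as confirmed exfiltration rather than a hint.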

Targets

    • Target

      fda687e3f7ee2e46c4094d557f137ff8_JaffaCakes118

    Score
    10/10
    • BluStealer

      A modular information stealer written in Visual Basic.

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context is the step that redirects execution in process hollowing and similar injection techniques; on its own it is a heuristic signal, not proof of injection.
