Overview

overview

10

Static

static

3

2e6372abf5...18.exe

windows7-x64

10

2e6372abf5...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2e6372abf5c58a233b273eb612950567_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241009-k1mneasbqp

  • MD5

    2e6372abf5c58a233b273eb612950567

  • SHA1

    aed459512d857a0a6248cc9cb5785963a335b47e

  • SHA256

    27f824a80ebdad6b53d01f487ecb17616c0a2a9d9700ca3be3b1c1a24cdc1f71

  • SHA512

    ce06d3aa738e8f466c0e2be8cd9e2a79c286f4af4c7ed88da95d8b93bfa998e705eb25b6f5c9ae8d1d11fe4787f0c743edefae985d8756e822b1b003fcd61107

  • SSDEEP

    24576:7bx5ACyRtvPExqgcSSu5bqhD92oK8t7yz5b/UXq60Lnyx2M3TttxnvR:vAVRBPhbSFAhcKtYiq60LnKTVnp

Score
10/10
blustealerdiscoverystealer

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:     smtp
  • Host:
    efinancet.shop
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    HCYis3WEB8!Z

Targets

    • Target

      2e6372abf5c58a233b273eb612950567_JaffaCakes118

    • Size

      1.3MB

    • MD5

      2e6372abf5c58a233b273eb612950567

    • SHA1

      aed459512d857a0a6248cc9cb5785963a335b47e

    • SHA256

      27f824a80ebdad6b53d01f487ecb17616c0a2a9d9700ca3be3b1c1a24cdc1f71

    • SHA512

      ce06d3aa738e8f466c0e2be8cd9e2a79c286f4af4c7ed88da95d8b93bfa998e705eb25b6f5c9ae8d1d11fe4787f0c743edefae985d8756e822b1b003fcd61107

    • SSDEEP

      24576:7bx5ACyRtvPExqgcSSu5bqhD92oK8t7yz5b/UXq60Lnyx2M3TttxnvR:vAVRBPhbSFAhcKtYiq60LnKTVnp

    Score
    10/10
    blustealerdiscoverystealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks