Overview

overview

10

Static

static

3

5b55d6c34f...18.exe

windows7-x64

10

5b55d6c34f...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5b55d6c34fb68f8b4bc9e361ee038641_JaffaCakes118

  • Size

    684KB

  • Sample

    241019-hg35yasemh

  • MD5

    5b55d6c34fb68f8b4bc9e361ee038641

  • SHA1

    89e0d1840e1d4e6a708e0fabf376609863377a9f

  • SHA256

    a636ac86f3f8c1341dd201eedfd702495aa0e313322d5c1318a5d1b623f0bb9d

  • SHA512

    c45fb18cf1cf3aaea3ccc4425e12841c7c90cb610894f85e19c5fe831bfb8e93aab92572688a07e0677fd829023e5a963ff894045eef98941b54da56befffffc

  • SSDEEP

    12288:0XCYJDX9rBoUX58/sSHZ4+3hGx5DkYjSs2:JYJDFBFX5CsMQ5dSs2

Score
10/10
blustealerdiscoverypersistencestealer

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:     smtp
  • Host:
    reptw.xyz
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    52u[w;$s$7Mn

Targets

    • Target

      5b55d6c34fb68f8b4bc9e361ee038641_JaffaCakes118

    • Size

      684KB

    • MD5

      5b55d6c34fb68f8b4bc9e361ee038641

    • SHA1

      89e0d1840e1d4e6a708e0fabf376609863377a9f

    • SHA256

      a636ac86f3f8c1341dd201eedfd702495aa0e313322d5c1318a5d1b623f0bb9d

    • SHA512

      c45fb18cf1cf3aaea3ccc4425e12841c7c90cb610894f85e19c5fe831bfb8e93aab92572688a07e0677fd829023e5a963ff894045eef98941b54da56befffffc

    • SSDEEP

      12288:0XCYJDX9rBoUX58/sSHZ4+3hGx5DkYjSs2:JYJDFBFX5CsMQ5dSs2

    Score
    10/10
    blustealerdiscoverypersistencestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks