Overview

overview

10

Static

static

3

67491c190a...18.exe

windows7-x64

10

67491c190a...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    67491c190a2fcaa9e6beaa3170ff36ec_JaffaCakes118

  • Size

    735KB

  • Sample

    241021-zb8a5swhll

  • MD5

    67491c190a2fcaa9e6beaa3170ff36ec

  • SHA1

    7ca0a5302aad250079fed8c6e6ae8970a6d94bf1

  • SHA256

    07b5f28986974af72c104d73b7cb807065e82b812d3686dd5b9bf7636032dad0

  • SHA512

    6078548ab6c67758dd2fde1a703b77fcfc38858604086d7deacaf511fd63ee39984c7ee1fc7188503d70839ace2466f4ed8efd141513f2be9d2c2ce5e1f025f4

  • SSDEEP

    12288:vCiBiCbOCWbmb49llets2gKf1a03Bfa0LXUOl03viwA3:vT4Nzmb49DpYf1a8a0LLC/ij

Score
10/10
blustealerdiscoverypersistencestealer

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:     smtp
  • Host:
    bojtai.club
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    S8(OUzB)pvph

Targets

    • Target

      67491c190a2fcaa9e6beaa3170ff36ec_JaffaCakes118

    • Size

      735KB

    • MD5

      67491c190a2fcaa9e6beaa3170ff36ec

    • SHA1

      7ca0a5302aad250079fed8c6e6ae8970a6d94bf1

    • SHA256

      07b5f28986974af72c104d73b7cb807065e82b812d3686dd5b9bf7636032dad0

    • SHA512

      6078548ab6c67758dd2fde1a703b77fcfc38858604086d7deacaf511fd63ee39984c7ee1fc7188503d70839ace2466f4ed8efd141513f2be9d2c2ce5e1f025f4

    • SSDEEP

      12288:vCiBiCbOCWbmb49llets2gKf1a03Bfa0LXUOl03viwA3:vT4Nzmb49DpYf1a8a0LLC/ij

    Score
    10/10
    blustealerdiscoverypersistencestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks