Overview

overview

10

Static

static

1

6c3daf16b3...18.exe

windows7-x64

10

6c3daf16b3...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6c3daf16b35fdfdd63cf8e229056ff05_JaffaCakes118

  • Size

    723KB

  • Sample

    241022-2ynw5a1aqp

  • MD5

    6c3daf16b35fdfdd63cf8e229056ff05

  • SHA1

    2dfcd7cf46b1eaa6ff40b1528e662789b4e1c5da

  • SHA256

    3c17d6b6676bffb1a963784f757c163023961aa29364aeaa0f78d2790ed5b073

  • SHA512

    a954cf625cc6d911dffaabe390bfac427d1517c9e2a3206120e6bc0d855c2da796c3b5d1d98dc704bd07b9b801dd6509f7e8eae1ec09efe9c9debd0a888c5ec0

  • SSDEEP

    12288:p5b9bhm2xC/Gfl5+cuIfmnCy0oAU2Mij/2CoIDIaNylGAE0eyvU1:z9btxCy+n4o5+juL03DAxez1

Score
10/10
blustealerdiscoverypersistencestealer

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:     smtp
  • Host:
    restd.club
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @433u7a~IdTF

Targets

    • Target

      6c3daf16b35fdfdd63cf8e229056ff05_JaffaCakes118

    • Size

      723KB

    • MD5

      6c3daf16b35fdfdd63cf8e229056ff05

    • SHA1

      2dfcd7cf46b1eaa6ff40b1528e662789b4e1c5da

    • SHA256

      3c17d6b6676bffb1a963784f757c163023961aa29364aeaa0f78d2790ed5b073

    • SHA512

      a954cf625cc6d911dffaabe390bfac427d1517c9e2a3206120e6bc0d855c2da796c3b5d1d98dc704bd07b9b801dd6509f7e8eae1ec09efe9c9debd0a888c5ec0

    • SSDEEP

      12288:p5b9bhm2xC/Gfl5+cuIfmnCy0oAU2Mij/2CoIDIaNylGAE0eyvU1:z9btxCy+n4o5+juL03DAxez1

    Score
    10/10
    blustealerdiscoverypersistencestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks