Overview

overview

10

Static

static

3

RFQ 10050395.exe

windows7-x64

10

RFQ 10050395.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_e87f217deed61518ae6844502a46ea3a33bfcb735050678e6c3a22acde573552

  • Size

    703KB

  • Sample

    241223-3sbkaavpgx

  • MD5

    7c79d98daa21893ed81c880f3c5cfefe

  • SHA1

    13c4bf8e1a99fb52fee503d75f463c94363b5f34

  • SHA256

    e87f217deed61518ae6844502a46ea3a33bfcb735050678e6c3a22acde573552

  • SHA512

    edabf6fb81044a438134fbeeadd466610b76c12a2a4cbbdf0d240c15e651a3042a4ec243756e8009cad3a93e78ca1d9ec49796384a892547f35c0353627beb72

  • SSDEEP

    12288:z+hPIgsbL4ENNuEIhXd2ybZNlmjXzd6dWrHCHjwF93xj0xWBkfjzPewA:zqAN/4rEdikrzdAFjwXxj0YSfXI

Score
10/10
blustealercollectiondiscoverystealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5330579892:AAHDIOXrD-d-pMU_JI4pPczBI962-9fokRs/sendMessage?chat_id=1494890429

Targets

    • Target

      RFQ 10050395.bin

    • Size

      733KB

    • MD5

      208b8885063f4562e1e181c63f155bd1

    • SHA1

      b0071008c3ae769433c6c71acd49c80a4b5a853d

    • SHA256

      a47f1b1a2995865a081e270569e3cb0857d3af3759c2e06b72e3f418e9611a87

    • SHA512

      96f48b489308904e883c004514cc0cd33cfeb893f03e4f9d9454b88c95c991cad2b9773040c4a9d08d524d0f79cf7232e4cc81352ea0a0100c4c7dbf99c5e3f7

    • SSDEEP

      12288:2oskPRxliW1b0LxY7GM2NPdqysk6iQrWE8Y8Ll1ytjkJhLIsbpGNjFLSlaE3y69U:2oskPRrhbi22hdqyMWEPgylkJhbbpalp

    Score
    10/10
    blustealercollectiondiscoverystealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Blustealer family

      blustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks