blustealer | JaffaCakes118_d0685bc174f43b12fcf3cb369624a23ecf8e88a1635dd69784dbc8e6ef70c6e6

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_d0685bc174f43b12fcf3cb369624a23ecf8e88a1635dd69784dbc8e6ef70c6e6
Size

390KB
MD5

5ef571266d504223c1a7bf691afa5cd6
SHA1

f988001ad05d9f7c815b063d472fdca20b33aed5
SHA256

d0685bc174f43b12fcf3cb369624a23ecf8e88a1635dd69784dbc8e6ef70c6e6
SHA512

b39a491d093e82ec06120231c590ad83605075b65fbbbcc36c0be6288657c3e9ec6ce36a505fd6b88845a7cb5ce6bdaa3e6aefb3c4a826e92476003018b21c5a
SSDEEP

6144:1LNMiEalCzYB1GyH1lhONhO7VAzK6Guz/OEWoHCj34+aV3gBPPLvT3Wi6rit8:1LDlEYxluY7WZFV3gBrb376et8

Score

10^/10

blustealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.dm-teh.com
Port:
587
Username:
[email protected]
Password:
Vm@(O;CO.vEQ

Signatures

Blustealer family
blustealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8bef9914316ad50fba06565f6b28596b2548affd3306d07c66123885b5fe8a6f

Files

JaffaCakes118_d0685bc174f43b12fcf3cb369624a23ecf8e88a1635dd69784dbc8e6ef70c6e6
.zip

Password: infected
8bef9914316ad50fba06565f6b28596b2548affd3306d07c66123885b5fe8a6f
.exe windows:4 windows x86 arch:x86

6ec320695a6a58a7ee41d2f9e8a4623c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
__vbaForEachCollAd
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
ord667
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord592
ord593
__vbaForEachCollObj
__vbaExitProc
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaCyStr
__vbaBoolVar
ord521
__vbaRefVarAry
__vbaBoolVarNull
__vbaVarTstLt
ord523
_CIsin
__vbaErase
ord631
ord709
__vbaVarCmpGt
ord632
ord525
__vbaVarZero
__vbaNextEachCollObj
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaAryConstruct2
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord601
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
ord607
__vbaVarCmpLe
ord531
ord716
__vbaFPException
ord532
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord648
__vbaInStr
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
ord579
__vbaVarSetVar
__vbaI4Var
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
ord616
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarSetObjAddref
__vbaLateMemCallLd
__vbaRecDestructAnsi
_CIatan
__vbaAryCopy
ord618
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
__vbaForEachVar
ord619
_allmul
__vbaVarLateMemCallSt
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaStrCy
ord580
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

6ec320695a6a58a7ee41d2f9e8a4623c

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 105KB - Virtual size: 108KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 357KB - Virtual size: 357KB

.text
Size: 105KB - Virtual size: 108KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 357KB - Virtual size: 357KB