General

  • Target

    JaffaCakes118_147df2e568f7f1ab66c80ee3750071c8

  • Size

    1.1MB

  • Sample

    250106-hj7adayrbx

  • MD5

    147df2e568f7f1ab66c80ee3750071c8

  • SHA1

    95ae7d0650f3c0b3983bbc6c17e1906b3e885a08

  • SHA256

    37a00c3fa2945635f627455fbe31e05146c69427df5dab9b9d0fa21a1bb14cb3

  • SHA512

    e84bfb4b743377ea2d6fe1248ffa2e433b5d4d23d83c394ac6f92fb58cc840327eb734a87b21727bdad89f42ef522044710024ce5d5e6ec6808d1fd2ca39d694

  • SSDEEP

    24576:w7rjjcpyXb3wGvgHFk9hYATuKYLLow2Fxa/a:cWyLKttLofxay

Malware Config

Extracted

  • Family

    blustealer

Credentials

  • Protocol:
    smtp
  • Host:
    budgetn.shop
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    FLM[l0rL!SL5

Targets

    • Target

      JaffaCakes118_147df2e568f7f1ab66c80ee3750071c8

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Blustealer family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks