General

  • Target

    JaffaCakes118_e7c0e7644a9bfea72e2ba3087a2b6859

  • Size

    637KB

  • Sample

    250110-sxpmla1kfp

  • MD5

    e7c0e7644a9bfea72e2ba3087a2b6859

  • SHA1

    69d39503a20ee9456f3b867d351e164b5db38cbc

  • SHA256

    b56d4ab0764e9a3cdcaa5c369dd48fb6e16541acd08da86ac0e53f45f6bf7ed0

  • SHA512

    80fdd51f5c0ee0a957d905102572f45f26e3ddc20c10d4750fe97a8dbbe63807d2c08d3aaa436a683f4c694fea60db257ab7cada073d779d885fa97fae26e27a

  • SSDEEP

    12288:vxR2fRZdgurF9etyzWT/bdWXGfKfxevgDvUCk9lO6O6onSo0/59+OSesp:vxa/wo6jbdsAvgDfk9lO65oSfHdSe6

Malware Config

Targets

    • Target

      Airway Bill Receipt - #50773009879.exe

    • Size

      1.1MB

    • MD5

      147df2e568f7f1ab66c80ee3750071c8

    • SHA1

      95ae7d0650f3c0b3983bbc6c17e1906b3e885a08

    • SHA256

      37a00c3fa2945635f627455fbe31e05146c69427df5dab9b9d0fa21a1bb14cb3

    • SHA512

      e84bfb4b743377ea2d6fe1248ffa2e433b5d4d23d83c394ac6f92fb58cc840327eb734a87b21727bdad89f42ef522044710024ce5d5e6ec6808d1fd2ca39d694

    • SSDEEP

      24576:w7rjjcpyXb3wGvgHFk9hYATuKYLLow2Fxa/a:cWyLKttLofxay

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Blustealer family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks