MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39783276f1af854d10a9ab527fc362c912a51e487e726c97ebfd69419526db8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BluStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 39783276f1af854d10a9ab527fc362c912a51e487e726c97ebfd69419526db8e
SHA3-384 hash: 016abb93ed6d45e92cc20bc4a7d07134d05b722be224c0d4e7df734f23162139e46a49cca36634103a8cfd94b0ebaad4
SHA1 hash: bf06cb157fa08e4c21e5d59892b5bf7e3958e13b
MD5 hash: a8643fe2ffa8f2e775c07707f7f3c9b9
humanhash: moon-grey-black-table
File name:Micro tunneling Drawings.pdf1.4MB.rar
Download: download sample
Signature BluStealer
Create hunting rule
File size:38'621 bytes
First seen:2022-08-03 07:44:10 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 768:iMPtosjpqtfKDt9DuGEuPh/FU+Biv0L4a/pz144QCuq54Lpy7/UtePGmJ:lktiDHuGj6vta/pzm4JuNg7TH
TLSH T1C503F28359BE26060ED98DDC0F3815DAF46D1194A1AC613A33DCD9637B2325E78617CE
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:BluStealer QUOTATION rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Hussein A. ElSayed <H.ElSayed@kcmak.net>" (likely spoofed)
Received: "from kcmak.net (unknown [163.123.143.117]) "
Date: "02 Aug 2022 16:02:57 -0700"
Subject: "Request For Quotation Description!! lgpartner.ch"
Attachment: "Micro tunneling Drawings.pdf1.4MB.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
248
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/39783276f1af854d10a9ab527fc362c912a51e487e726c97ebfd69419526db8e/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-08-03 00:01:51 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
22 of 40 (55.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hf4de5xrv6cu2efjvnjh7q3czejkkhsipzzgzf7l7vuudfjg3oha._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220803-jld72shgbr/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/39783276f1af854d10a9ab527fc362c912a51e487e726c97ebfd69419526db8e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BluStealer

rar 39783276f1af854d10a9ab527fc362c912a51e487e726c97ebfd69419526db8e

(this sample)

BluStealer

Executable exe dceab4eabbcf9787ac9a36c289afaa036782a24edd35523fb3072b030029faf2

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dceab4eabbcf9787ac9a36c289afaa036782a24edd35523fb3072b030029faf2
  
Dropping
MD5 11e1af92f7cceed0e7b989b40c6be67e

Comments