MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfd47d618a2b834721c1d92e04fde437f102317abfadd716b308ff6e85251733. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BluStealer

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	cfd47d618a2b834721c1d92e04fde437f102317abfadd716b308ff6e85251733
SHA3-384 hash:	d4aed8967c5b502dd742dbc10937183aff487b73189386d4d2de540be14659dbc2795cb88d1934c301f58006af02866d
SHA1 hash:	4e5d98b5b6797348b17d14b557519c9f738b01b7
MD5 hash:	bd2911bbd384af389decdba086b7c19b
humanhash:	illinois-eleven-johnny-pennsylvania
File name:	Quotation - Drawing Data Base .xlsx.rar
Download:	download sample
Signature	BluStealer Create hunting rule
File size:	38'625 bytes
First seen:	2022-08-03 07:44:29 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	768:KMPtosjpqtfKDt9DuGEuPh/FU+Biv0L4a/pz144QCuq54Lpy7/UtePGmh:dktiDHuGj6vta/pzm4JuNg7TX
TLSH	T1B103F2C354BE260A0FD98EDC0F3815DAF46D1194A1AC612A339CD9637B2325E78617DE
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter	cocaman
Tags:	BluStealer QUOTATION rar

cocaman

Malicious email (T1566.001)
From: "Hussein A. ElSayed <H.ElSayed@kcmak.net>" (likely spoofed)
Received: "from kcmak.net (unknown [163.123.143.117]) "
Date: "02 Aug 2022 16:02:57 -0700"
Subject: "Request For Quotation Description!! lgpartner.ch"
Attachment: "Quotation - Drawing Data Base .xlsx.rar"

Intelligence

File Origin

# of uploads :

# of downloads :

250

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.27214.RarHeur.nocdb.UNOFFICIAL

SecuriteInfo.com.Suspected-exe-in-RAR.UNOFFICIAL

Gathering data

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cfd47d618a2b834721c1d92e04fde437f102317abfadd716b308ff6e85251733/

Threat name:

Win32.Trojan.AgentTesla

Status:

Malicious

First seen:

2022-08-03 01:16:25 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

21 of 40 (52.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=z7kh2ymkfobuoiob3exaj7peg7yqeml2x6w5ofvtbd7w5bjfc4zq._file

Result

Malware family:

blustealer

Score:

10/10

Tags:

family:blustealer stealer

Link:

https://tria.ge/reports/220803-jld72shgck/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of SetThreadContext

BluStealer

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/cfd47d618a2b834721c1d92e04fde437f102317abfadd716b308ff6e85251733

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BluStealer

rar cfd47d618a2b834721c1d92e04fde437f102317abfadd716b308ff6e85251733

(this sample)

BluStealer

exe dceab4eabbcf9787ac9a36c289afaa036782a24edd35523fb3072b030029faf2

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 dceab4eabbcf9787ac9a36c289afaa036782a24edd35523fb3072b030029faf2

Dropping

MD5 11e1af92f7cceed0e7b989b40c6be67e

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample