blustealer | a7cce7b44e791b44a67edeec0489858b4ba9d1a82464d4148a6f691a4e86e93c | Triage

Sharing

General

Target

0a424c71b75fecfb42fb0e2b17f1c6bc.exe
Size

1.3MB
Sample

211011-jz1cfagfdl
MD5

0a424c71b75fecfb42fb0e2b17f1c6bc
SHA1

672ef8db0788b4dad4d4fe2853573140448447f6
SHA256

a7cce7b44e791b44a67edeec0489858b4ba9d1a82464d4148a6f691a4e86e93c
SHA512

b744c61ff97d08c2112b1ac752fabd057efe2e5b7a70f2c65ed5e2c83960b763cf444f99e3f5a285578b31a10ee33c016e95e2d2979fd2bc09c69e941a2615dc

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.dm-teh.com
Port:
587
Username:
[email protected]
Password:
Vm@(O;CO.vEQ

Targets

- Target
  
  0a424c71b75fecfb42fb0e2b17f1c6bc.exe
- Size
  
  1.3MB
- MD5
  
  0a424c71b75fecfb42fb0e2b17f1c6bc
- SHA1
  
  672ef8db0788b4dad4d4fe2853573140448447f6
- SHA256
  
  a7cce7b44e791b44a67edeec0489858b4ba9d1a82464d4148a6f691a4e86e93c
- SHA512
  
  b744c61ff97d08c2112b1ac752fabd057efe2e5b7a70f2c65ed5e2c83960b763cf444f99e3f5a285578b31a10ee33c016e95e2d2979fd2bc09c69e941a2615dc
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

blustealerstealer