Overview

overview

10

Static

static

1

T98765434567898.exe

windows7_x64

10

T98765434567898.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    T98765434567898.exe

  • Size

    1.2MB

  • Sample

    211012-pf2daacccq

  • MD5

    abb26d1600dda55b1004b39d569178a8

  • SHA1

    8e6cba40d4ddd9d6ff6b781f79febbb47e58855b

  • SHA256

    1d0e997a1e0cca7446644a5082da18ea191862c85a3e222b0296bdb158c2a387

  • SHA512

    8d560a240bba2f915ff5a7b05bd061cbc68c8ce2268ee8b6815834f00452232e4f63da89e8d9b565dec45f0e9df232931676caae8ac6242995d14ad1222eb3e4

Score
10/10
blustealerstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot1838876767:AAEiDKTcT_A4WBwpMo9nnrtBP7OvsmEUnNU/sendMessage?chat_id=1300181783

Targets

    • Target

      T98765434567898.exe

    • Size

      1.2MB

    • MD5

      abb26d1600dda55b1004b39d569178a8

    • SHA1

      8e6cba40d4ddd9d6ff6b781f79febbb47e58855b

    • SHA256

      1d0e997a1e0cca7446644a5082da18ea191862c85a3e222b0296bdb158c2a387

    • SHA512

      8d560a240bba2f915ff5a7b05bd061cbc68c8ce2268ee8b6815834f00452232e4f63da89e8d9b565dec45f0e9df232931676caae8ac6242995d14ad1222eb3e4

    Score
    10/10
    blustealerstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks