blustealer | c1fe976f336cf05401da21ffab8632a0511bbf8743c2e3ff4220c3e9bbf56dbb | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

E7pPa8kXU2...in.exe

windows7_x64

E7pPa8kXU2...in.exe

windows10_x64

Resubmissions

26/10/2021, 17:29 UTC

211026-v2vqhsaac9 10

26/10/2021, 17:18 UTC

211026-vvfm1saab6 6

Sharing

General

Target

E7pPa8kXU2X9H8nyCZseBfpdf.bin
Size

668KB
Sample

211026-v2vqhsaac9
MD5

e168c49cc388f05d310f780f70661c47
SHA1

1837a8448300159ba08992c39386354b676674e4
SHA256

c1fe976f336cf05401da21ffab8632a0511bbf8743c2e3ff4220c3e9bbf56dbb
SHA512

e4dee911649ef54eb23060846570dcd8371f3e6c05fddfcbf9bb1b5966864a795a7bc36bc6d06bdf8e077f79e763c6a324d8a19666cfb87cd23ce0ff71c4ccc7

Score

10^/10

blustealer persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

E7pPa8kXU2X9H8nyCZseBfpdf.bin.exe

Resource

win7-en-20210920

blustealer persistence stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

E7pPa8kXU2X9H8nyCZseBfpdf.bin.exe

Resource

win10-en-20210920

blustealer persistence stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
budgetn.shop
Port:
587
Username:
hulu@budgetn.shop
Password:
s)Z4bO(8nKHT

Targets

- Target
  
  E7pPa8kXU2X9H8nyCZseBfpdf.bin
- Size
  
  668KB
- MD5
  
  e168c49cc388f05d310f780f70661c47
- SHA1
  
  1837a8448300159ba08992c39386354b676674e4
- SHA256
  
  c1fe976f336cf05401da21ffab8632a0511bbf8743c2e3ff4220c3e9bbf56dbb
- SHA512
  
  e4dee911649ef54eb23060846570dcd8371f3e6c05fddfcbf9bb1b5966864a795a7bc36bc6d06bdf8e077f79e763c6a324d8a19666cfb87cd23ce0ff71c4ccc7
Score

10^/10

blustealer persistence stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerpersistencestealer

behavioral2

blustealerpersistencestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.