blustealer | c1fe976f336cf05401da21ffab8632a0511bbf8743c2e3ff4220c3e9bbf56dbb | Triage

Resubmissions

26-10-2021 17:29

211026-v2vqhsaac9 10

26-10-2021 17:18

211026-vvfm1saab6 6

Sharing

General

Target

E7pPa8kXU2X9H8nyCZseBfpdf.bin
Size

668KB
Sample

211026-v2vqhsaac9
MD5

e168c49cc388f05d310f780f70661c47
SHA1

1837a8448300159ba08992c39386354b676674e4
SHA256

c1fe976f336cf05401da21ffab8632a0511bbf8743c2e3ff4220c3e9bbf56dbb
SHA512

e4dee911649ef54eb23060846570dcd8371f3e6c05fddfcbf9bb1b5966864a795a7bc36bc6d06bdf8e077f79e763c6a324d8a19666cfb87cd23ce0ff71c4ccc7

Score

10^/10

blustealer persistence stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
budgetn.shop
Port:
587
Username:
[email protected]
Password:
s)Z4bO(8nKHT

Targets

- Target
  
  E7pPa8kXU2X9H8nyCZseBfpdf.bin
- Size
  
  668KB
- MD5
  
  e168c49cc388f05d310f780f70661c47
- SHA1
  
  1837a8448300159ba08992c39386354b676674e4
- SHA256
  
  c1fe976f336cf05401da21ffab8632a0511bbf8743c2e3ff4220c3e9bbf56dbb
- SHA512
  
  e4dee911649ef54eb23060846570dcd8371f3e6c05fddfcbf9bb1b5966864a795a7bc36bc6d06bdf8e077f79e763c6a324d8a19666cfb87cd23ce0ff71c4ccc7
Score

10^/10

blustealer persistence stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerpersistencestealer

behavioral2

blustealerpersistencestealer