blustealer

Resubmissions

15/09/2022, 17:59

220915-wkw3padgb3 3

15/09/2022, 17:56

220915-wh3gpadga8 3

22/07/2022, 19:25

220722-x4ylashdfl 10

22/07/2022, 17:20

220722-vwqvdaggfl 10

Sharing

Copy URL

Twitter E-mail

General

Target

ae446abadd3c46a971632492379c78be-sample.zip
Size

6KB
Sample

220722-vwqvdaggfl
MD5

a3cd13bd49a17001e64b7645a535f6b5
SHA1

cdaf753795b9c4f6fa0969e976c1bb11ad3d7f9a
SHA256

af7b23bd61e2a87ccdbcfcb062e8da2723f1a72640623406a1dc81c6b2667f81
SHA512

3578a834c460e716dd30718ab29d2f9fbe617d60943e5a287d5474d92f60fa6a78783e666078f31b6e1d82581efdb89defa42da01350525b6802867e3eacedd0

Score

10^/10

Malware Config

Extracted

Family

blustealer

https://api.telegram.org/bot5432809476:AAHtE5EDW3VQZZBLnEbEZpHEIJz5LbF0no/sendMessage?chat_id=5571556378

Targets

- Target
  
  ORDER3763873.exe
- Size
  
  13KB
- MD5
  
  fcf1a0e7b406505e0aaa094393d45d72
- SHA1
  
  cde2a1b3ef89f2b4c7a2048fa2d959e02c29008e
- SHA256
  
  352dd25fbf999c5e12526187390be9af7019db7c165f2e9e76fe7d1cd4bece3b
- SHA512
  
  5db78c6c157174cac8f010e8cf00d412a10703dd543ad224c7d81cb9b65b0a03891be95615dc57165761d433a673f316495e825e7a615d57b08b846fb3e52304
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Downloads MZ/PE file
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Email Collection

T1114

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2