blustealer | ea5a8a4d5e3180f4958be147f31947948eb8f1fd1c5f2a841988acc8d05d3a4c

Analysis

max time kernel
81s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2022 06:03

Target

sample.pdf.exe
Size

201KB
MD5

2aa93fb4ec6c724e0cf33e46519600d6
SHA1

ccb75105251231f5c30ced69d08a6fd9d8a06637
SHA256

ea5a8a4d5e3180f4958be147f31947948eb8f1fd1c5f2a841988acc8d05d3a4c
SHA512

da8dcb7b30fd00ed98b0c6ad6efcd56a1b0b84a6799bf83263da4744b6b8a4cfb35a395bdc9639d3f6e4f94793c02ff4ff9d0f6eb8b5b9890e702a2aa7866e9b

Score

10^/10

BluStealer
A Modular information stealer written in Visual Basic.
stealer blustealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4576 set thread context of 2144	4576	sample.pdf.exe	81

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2144	cvtres.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 2144	4576	sample.pdf.exe	81
PID 4576 wrote to memory of 2144	4576	sample.pdf.exe	81
PID 4576 wrote to memory of 2144	4576	sample.pdf.exe	81
PID 4576 wrote to memory of 2144	4576	sample.pdf.exe	81
PID 4576 wrote to memory of 2144	4576	sample.pdf.exe	81
PID 4576 wrote to memory of 2144	4576	sample.pdf.exe	81
PID 4576 wrote to memory of 2144	4576	sample.pdf.exe	81
PID 4576 wrote to memory of 2144	4576	sample.pdf.exe	81

C:\Users\Admin\AppData\Local\Temp\sample.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\sample.pdf.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2144

memory/2144-132-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2144-134-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2144-137-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2144-138-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4576-130-0x0000000000810000-0x0000000000846000-memory.dmp

Filesize
216KB

Download