blustealer | fd962f72de43438e9d5d9c104deffb4c66ff599a670eabddc9ce47c3ace31e4e | Triage

Sharing

General

Target

AMC-C1702-2022-TRADING.arj
Size

654KB
Sample

220727-pck7wsdfdk
MD5

ef225516b51d110e075c4a1cbb7b97c8
SHA1

9d7d486fb914e1bd31e7c0364c6e81f37dc4596b
SHA256

fd962f72de43438e9d5d9c104deffb4c66ff599a670eabddc9ce47c3ace31e4e
SHA512

cea9806a911a73f89c615b046a58df5e7f125cf022a9ecfdb155cd40e6bbf89dda348981a3ef865c64165fe815bed6108bc6a5b0aa2baef40049464efb6312c6

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
smtp.ionos.es
Port:
587
Username:
[email protected]
Password:
barkoner

Targets

- Target
  
  AMC-C1702-2022-TRADING.exe
- Size
  
  823KB
- MD5
  
  7cb6bad3520dfe8cf6f6c430eb822230
- SHA1
  
  79c40a60a489e81e0984e3fd5977086b82d4da7e
- SHA256
  
  5acba03de2ea77f11d0ad772a6141ca9e6f3305c00a468ebcb10c2608722a474
- SHA512
  
  eeda9a5473768cc80f3f2e6229cea0049932d239cf6762395647b52cfeb4dde75980425889ebb0002e260ed8015cb812c7265cc7c6455acb35a9c4df5e5c2634
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealerstealer