blustealer | dfb02aea4ef548939b2aad3dae07655f55649dcd81ef0d36ed7d9307b4aafea8 | Triage

Sharing

General

Target

Swift Remittance (M-103)-USD-565.arj
Size

641KB
Sample

220727-qe6gaaebcl
MD5

cbc02f55fd393a2431a28c9dcb0bbac7
SHA1

aa58f60ec76c72276456968784237b3ae5ae263a
SHA256

dfb02aea4ef548939b2aad3dae07655f55649dcd81ef0d36ed7d9307b4aafea8
SHA512

df6d12eb8c35612fabf8a863dc250c1c62a2474782843837074fa3d431ca48dc2ff0e2e815207883be5b3b371e79ceb63e9bd444ae8c4c56b376dd99064fa6ba

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
smtp.ionos.es
Port:
587
Username:
[email protected]
Password:
barkoner

Targets

- Target
  
  Swift Remittance (M-103)-USD-565.exe
- Size
  
  678KB
- MD5
  
  acce170c053656447b94bf4f1b47b272
- SHA1
  
  2203b6a8201c47b505fc2f65831ecbbcc7f3d65a
- SHA256
  
  15f15c2249333a073c8ba95ebd2e8c23d0778ecc0c83fe9bc80d36513037ad2b
- SHA512
  
  fafb1564a47cfbf4ae011129c2b52f3db78d4250d59068381d71423df221d23b0e9ef29f9ea5efcd159bcb161d678cdf1a0fb987de6a708f2d83aa13c45c4c8e
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealerstealer