blustealer | 9b83c1efc74833172375826612ca54ccf601b3b2bf24dab96b63da8a41dfbeb8 | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

6

tmp.exe

windows10-2004-x64

6

Sharing

General

Target

tmp
Size

440KB
Sample

220729-qcn48aadgq
MD5

50de304cffc8136ad4710f12411bb8b9
SHA1

c33513570bc9a709cd1b6c8a74f4eea0d5e8068c
SHA256

9b83c1efc74833172375826612ca54ccf601b3b2bf24dab96b63da8a41dfbeb8
SHA512

9a77a5ac3c2a06aaf2b96117a4a557f3fe7de8a8a00888898c8245b6338550664ae0cae35681b0454661413c0f412180637b74707983ef31740ac252f3bfd1fa

Score

10^/10

blustealer collection

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220718-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5342659004:AAGqxS1lLf8YUjRqLBmCvuPBmTvA5EVHVE/sendMessage?chat_id=5464330552

Targets

- Target
  
  tmp
- Size
  
  440KB
- MD5
  
  50de304cffc8136ad4710f12411bb8b9
- SHA1
  
  c33513570bc9a709cd1b6c8a74f4eea0d5e8068c
- SHA256
  
  9b83c1efc74833172375826612ca54ccf601b3b2bf24dab96b63da8a41dfbeb8
- SHA512
  
  9a77a5ac3c2a06aaf2b96117a4a557f3fe7de8a8a00888898c8245b6338550664ae0cae35681b0454661413c0f412180637b74707983ef31740ac252f3bfd1fa
Score

6^/10

collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.