blustealer | 3879b7d1e92d9b91e94c83e35421b6b64c1e529e28335962c1da8626b0a29d83 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

doc2022001...df.exe

windows7-x64

doc2022001...df.exe

windows10-2004-x64

Sharing

General

Target

doc2022001001001.pdf.exe
Size

1.2MB
Sample

220803-q8dy5abgf2
MD5

39b7ffa8957fe5a6ca72cca183a67d42
SHA1

41b478d0dbf80cf8a6fffc1b14230c193ae124e5
SHA256

3879b7d1e92d9b91e94c83e35421b6b64c1e529e28335962c1da8626b0a29d83
SHA512

43ebc7daf28ebf5ebc8016533e26b13d1e185610690badcf613af20f6e3ff66d7c0adc71dec714c50c06359182f421f3cf05983af2252c5fdd8375c1fa2631e2

Score

10^/10

blustealer stealer

Static task

static1

Behavioral task

behavioral1

Sample

doc2022001001001.pdf.exe

Resource

win7-20220715-en

blustealer stealer

windows7-x64

8 signatures

600 seconds

Behavioral task

behavioral2

Sample

doc2022001001001.pdf.exe

Resource

win10v2004-20220722-en

blustealer stealer

windows10-2004-x64

9 signatures

600 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5420760971:AAH01qjNE4a_MymOsvjAcXOxeYA3Wd9XCkE/sendMessage?chat_id=1856108848

Targets

- Target
  
  doc2022001001001.pdf.exe
- Size
  
  1.2MB
- MD5
  
  39b7ffa8957fe5a6ca72cca183a67d42
- SHA1
  
  41b478d0dbf80cf8a6fffc1b14230c193ae124e5
- SHA256
  
  3879b7d1e92d9b91e94c83e35421b6b64c1e529e28335962c1da8626b0a29d83
- SHA512
  
  43ebc7daf28ebf5ebc8016533e26b13d1e185610690badcf613af20f6e3ff66d7c0adc71dec714c50c06359182f421f3cf05983af2252c5fdd8375c1fa2631e2
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealerstealer

© 2018-2025

Terms | Privacy