blustealer | 490927a7b7b1ca503f441cdef5a29bd1219ec536d4f2f1d941397b1ff68649d1 | Triage

Sharing

General

Target

944-60-0x0000000000400000-0x0000000000492000-memory.dmp
Size

584KB
Sample

220804-q6be8agehm
MD5

db11405ee8bfe7293c417abab8dc309c
SHA1

71ea05a8e6d66c2c4890fe0b31b918362bf6268d
SHA256

490927a7b7b1ca503f441cdef5a29bd1219ec536d4f2f1d941397b1ff68649d1
SHA512

eb75bc7971b454695eaea02ba0dd21e8b4a39fec2579e85f19bbba0ea3ecb96546dc85d0e74332d2ffa1e22d7401b22cdb2acc84a4b6c022c5c45d4d0d7de24e

Score

10^/10

blustealer spyware stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5424772161:AAH6VQSqwjXeoEOdtG4956oBr1sLrNy1vkE/sendMessage?chat_id=2053442539

Targets

- Target
  
  944-60-0x0000000000400000-0x0000000000492000-memory.dmp
- Size
  
  584KB
- MD5
  
  db11405ee8bfe7293c417abab8dc309c
- SHA1
  
  71ea05a8e6d66c2c4890fe0b31b918362bf6268d
- SHA256
  
  490927a7b7b1ca503f441cdef5a29bd1219ec536d4f2f1d941397b1ff68649d1
- SHA512
  
  eb75bc7971b454695eaea02ba0dd21e8b4a39fec2579e85f19bbba0ea3ecb96546dc85d0e74332d2ffa1e22d7401b22cdb2acc84a4b6c022c5c45d4d0d7de24e
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2