blustealer | 658142bdeec19fb3ff0556a38a592458b7f005f69d11a39c34d67fd9efe6222c | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

6

tmp.exe

windows10-2004-x64

6

Sharing

General

Target

tmp
Size

440KB
Sample

220813-zbskpagfa9
MD5

441e8511c4bd646d55c6001a99057c8d
SHA1

25d14c05535d580bf13a2dcc48bf63eda296ea14
SHA256

658142bdeec19fb3ff0556a38a592458b7f005f69d11a39c34d67fd9efe6222c
SHA512

cc6cd104c6e37f375e8aaa1a9de1763cbaf8a6397bd4b53c63732d9422c8d53a7225bb5d0087055abb1de3b2fc5acbdb2c7b3d91a516982461f0e602a1a9d5f7

Score

10^/10

blustealer collection

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220812-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5449766717:AAHzRorvKI5URgvleGHlq6ZvqElY68-XL18/sendMessage?chat_id=1293496579

Targets

- Target
  
  tmp
- Size
  
  440KB
- MD5
  
  441e8511c4bd646d55c6001a99057c8d
- SHA1
  
  25d14c05535d580bf13a2dcc48bf63eda296ea14
- SHA256
  
  658142bdeec19fb3ff0556a38a592458b7f005f69d11a39c34d67fd9efe6222c
- SHA512
  
  cc6cd104c6e37f375e8aaa1a9de1763cbaf8a6397bd4b53c63732d9422c8d53a7225bb5d0087055abb1de3b2fc5acbdb2c7b3d91a516982461f0e602a1a9d5f7
Score

6^/10

collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy