blustealer | 8615bc30555f0ccd60466d99d1fe9e20fba142a3141ddd13f8354f564c47135a

Analysis

max time kernel
56s
max time network
72s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
15-08-2022 09:34

Target

SecuriteInfo.com.W32.AIDetectNet.01.9123.exe
Size

1.1MB
MD5

e016090750d7ba7f0ea23beee330da11
SHA1

946fce67103c7a16711d9ba61e1b2f62236693b2
SHA256

8615bc30555f0ccd60466d99d1fe9e20fba142a3141ddd13f8354f564c47135a
SHA512

06f2f99e27a09ced989c49b7aa2c94f12d6d8d88467da9c7acadaba03856162d80b89b35d5e3f77410f4d4e4be882e6383221e047a35a1e6bdb48f20b11ab0ee

Score

10^/10

Family

blustealer

Credentials

BluStealer
A Modular information stealer written in Visual Basic.
stealer blustealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1576 set thread context of 3820	1576	SecuriteInfo.com.W32.AIDetectNet.01.9123.exe	77

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1576	SecuriteInfo.com.W32.AIDetectNet.01.9123.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1576	SecuriteInfo.com.W32.AIDetectNet.01.9123.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3820	SecuriteInfo.com.W32.AIDetectNet.01.9123.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 3820	1576	SecuriteInfo.com.W32.AIDetectNet.01.9123.exe	77
PID 1576 wrote to memory of 3820	1576	SecuriteInfo.com.W32.AIDetectNet.01.9123.exe	77
PID 1576 wrote to memory of 3820	1576	SecuriteInfo.com.W32.AIDetectNet.01.9123.exe	77
PID 1576 wrote to memory of 3820	1576	SecuriteInfo.com.W32.AIDetectNet.01.9123.exe	77
PID 1576 wrote to memory of 3820	1576	SecuriteInfo.com.W32.AIDetectNet.01.9123.exe	77
PID 1576 wrote to memory of 3820	1576	SecuriteInfo.com.W32.AIDetectNet.01.9123.exe	77
PID 1576 wrote to memory of 3820	1576	SecuriteInfo.com.W32.AIDetectNet.01.9123.exe	77
PID 1576 wrote to memory of 3820	1576	SecuriteInfo.com.W32.AIDetectNet.01.9123.exe	77

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.9123.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.9123.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.9123.exe
  "{path}"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3820

memory/1576-132-0x00000000002B0000-0x00000000003C6000-memory.dmp

Filesize
1.1MB

Download
memory/1576-133-0x00000000052D0000-0x0000000005874000-memory.dmp

Filesize
5.6MB

Download
memory/1576-134-0x0000000004DC0000-0x0000000004E52000-memory.dmp

Filesize
584KB

Download
memory/1576-135-0x0000000004E60000-0x0000000004EFC000-memory.dmp

Filesize
624KB

Download
memory/1576-136-0x0000000004D70000-0x0000000004D7A000-memory.dmp

Filesize
40KB

Download
memory/3820-138-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/3820-140-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/3820-143-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/3820-144-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download