Extracted

• • Target

    4.exe

  • Size

    1.9MB

  • MD5

    adf6fb25451bedd42bf008aab3526a78

  • SHA1

    f19c7c77ddbe01491f8deb0c1f241f7ef19341bf

  • SHA256

    e95133b41a680c6eefc46c572c77c90ec1597046bfd5a7d6d6199ed566b43457

  • SHA512

    12327658ca54ea5bfdc320b7136a6866620cdb3b13a057f2cd69120ae3383c18635ab57a4838ed0fb288fbd90ad9e838f984907fe8c4b12a22ac7537400f98d8

  Score

  10^/10

  blustealerpersistencestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2