blustealer | f24f8be855ccf6648a5c947f3710e652d083bf1ed86d73367e805556586cf6bf

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
17-08-2022 08:14

Target

SWIFT USD50000.exe
Size

1.1MB
MD5

e016090750d7ba7f0ea23beee330da11
SHA1

946fce67103c7a16711d9ba61e1b2f62236693b2
SHA256

8615bc30555f0ccd60466d99d1fe9e20fba142a3141ddd13f8354f564c47135a
SHA512

06f2f99e27a09ced989c49b7aa2c94f12d6d8d88467da9c7acadaba03856162d80b89b35d5e3f77410f4d4e4be882e6383221e047a35a1e6bdb48f20b11ab0ee

Score

10^/10

Family

blustealer

Credentials

BluStealer
A Modular information stealer written in Visual Basic.
stealer blustealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1660 set thread context of 1128	1660	SWIFT USD50000.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1128	SWIFT USD50000.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 1128	1660	SWIFT USD50000.exe	28
PID 1660 wrote to memory of 1128	1660	SWIFT USD50000.exe	28
PID 1660 wrote to memory of 1128	1660	SWIFT USD50000.exe	28
PID 1660 wrote to memory of 1128	1660	SWIFT USD50000.exe	28
PID 1660 wrote to memory of 1128	1660	SWIFT USD50000.exe	28
PID 1660 wrote to memory of 1128	1660	SWIFT USD50000.exe	28
PID 1660 wrote to memory of 1128	1660	SWIFT USD50000.exe	28
PID 1660 wrote to memory of 1128	1660	SWIFT USD50000.exe	28
PID 1660 wrote to memory of 1128	1660	SWIFT USD50000.exe	28

C:\Users\Admin\AppData\Local\Temp\SWIFT USD50000.exe
"C:\Users\Admin\AppData\Local\Temp\SWIFT USD50000.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Users\Admin\AppData\Local\Temp\SWIFT USD50000.exe
  "{path}"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1128

memory/1128-59-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1128-60-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1128-62-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1128-64-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1128-67-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1128-70-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1660-54-0x0000000000D90000-0x0000000000EA6000-memory.dmp

Filesize
1.1MB

Download
memory/1660-55-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download
memory/1660-56-0x0000000000430000-0x000000000043A000-memory.dmp

Filesize
40KB

Download
memory/1660-57-0x0000000005C60000-0x0000000005D3E000-memory.dmp

Filesize
888KB

Download
memory/1660-58-0x000000000A2D0000-0x000000000A372000-memory.dmp

Filesize
648KB

Download