blustealer | b83462b8922a0950e9375b6cde29598d0a740b98a30c1178ecc3945a052f5f74 | Triage

Sharing

General

Target

VIOLETMAN BOTNET.exe
Size

440KB
Sample

220909-s42kqsgeb8
MD5

e8a8b0d94a2815277c8926454b8506ff
SHA1

0fae661a4d1e25d9e5ba845f0dfffe1e306c2126
SHA256

b83462b8922a0950e9375b6cde29598d0a740b98a30c1178ecc3945a052f5f74
SHA512

68eaf0265cc26aacdc6a464a990088f67483d387d55defd9135d734e996c61deb7cb2912c861621ef3fa4914c95288d4da8e3243cb4dc3e8fb9fca943411d6c6
SSDEEP

12288:+WnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB:txgsRftD0C2nKG

Score

10^/10

blustealer collection

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5661146649:AAGbQ5x8k2DBgYVXAUH4EPOUH7vDZMC1YM/sendMessage?chat_id=2045462497

Targets

- Target
  
  VIOLETMAN BOTNET.exe
- Size
  
  440KB
- MD5
  
  e8a8b0d94a2815277c8926454b8506ff
- SHA1
  
  0fae661a4d1e25d9e5ba845f0dfffe1e306c2126
- SHA256
  
  b83462b8922a0950e9375b6cde29598d0a740b98a30c1178ecc3945a052f5f74
- SHA512
  
  68eaf0265cc26aacdc6a464a990088f67483d387d55defd9135d734e996c61deb7cb2912c861621ef3fa4914c95288d4da8e3243cb4dc3e8fb9fca943411d6c6
- SSDEEP
  
  12288:+WnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB:txgsRftD0C2nKG
Score

6^/10

collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2