blustealer | 70fc011e55904f455a12e19e82e3a25fa05a37993bb79f023a5655aabae4b057 | Triage

Sharing

General

Target

70fc011e55904f455a12e19e82e3a25fa05a37993bb79f023a5655aabae4b057
Size

1.3MB
Sample

220913-tqh2xagad2
MD5

20cf6b947841f6ed3546f82ed68c1b7f
SHA1

d65463fd21602d678f23678565d1169b3a4a8333
SHA256

70fc011e55904f455a12e19e82e3a25fa05a37993bb79f023a5655aabae4b057
SHA512

e225529b0e191aa3e5ef6ecc362f6f44b3e81d084a6f0fc2240613af9d15f11fb4ca6291ae3b2815ca6c791a9fd25c5ab0bea835441db92bfe65c223eac6cec5
SSDEEP

24576:USeAC7aqFZpthlSTLp6tRgF/3QTJq8vOGxgiNdaeEntTI2IOw:MARqFHthlQp6DIfQfvr5Nct

Score

10^/10

blustealer spyware stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.jdaroil.com
Port:
587
Username:
[email protected]
Password:
JDAR-iraq#@

Targets

- Target
  
  70fc011e55904f455a12e19e82e3a25fa05a37993bb79f023a5655aabae4b057
- Size
  
  1.3MB
- MD5
  
  20cf6b947841f6ed3546f82ed68c1b7f
- SHA1
  
  d65463fd21602d678f23678565d1169b3a4a8333
- SHA256
  
  70fc011e55904f455a12e19e82e3a25fa05a37993bb79f023a5655aabae4b057
- SHA512
  
  e225529b0e191aa3e5ef6ecc362f6f44b3e81d084a6f0fc2240613af9d15f11fb4ca6291ae3b2815ca6c791a9fd25c5ab0bea835441db92bfe65c223eac6cec5
- SSDEEP
  
  24576:USeAC7aqFZpthlSTLp6tRgF/3QTJq8vOGxgiNdaeEntTI2IOw:MARqFHthlQp6DIfQfvr5Nct
Score

10^/10

blustealer spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerspywarestealer

behavioral2

blustealerspywarestealer