blustealer | 82b0930120afef192da8d6f7ae2275298986918eed55b4765a4ee665a23453d0 | Triage

Sharing

General

Target

3c319504f8c3cd2df7ca9642e2baf07c.exe
Size

436KB
Sample

220920-s6292shbek
MD5

3c319504f8c3cd2df7ca9642e2baf07c
SHA1

1dcbf401f7d66b19d8d5e1362e45a0642fd31226
SHA256

82b0930120afef192da8d6f7ae2275298986918eed55b4765a4ee665a23453d0
SHA512

58571bb15727a6281da5bca88de50479a79dee60e14a1d79fac69d6f0c03934f97018320b34487c2f8d340b2a8b8d4debd2c7e93ad3251306595fd84bdb221f2
SSDEEP

12288:ZWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB:mxgsRftD0C2nKG

Score

10^/10

blustealer collection

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5351997584:AAEyh4aj9rNp8tJtHYZqoYG-PSzq-z5M18M/sendMessage?chat_id=1374455932

Targets

- Target
  
  3c319504f8c3cd2df7ca9642e2baf07c.exe
- Size
  
  436KB
- MD5
  
  3c319504f8c3cd2df7ca9642e2baf07c
- SHA1
  
  1dcbf401f7d66b19d8d5e1362e45a0642fd31226
- SHA256
  
  82b0930120afef192da8d6f7ae2275298986918eed55b4765a4ee665a23453d0
- SHA512
  
  58571bb15727a6281da5bca88de50479a79dee60e14a1d79fac69d6f0c03934f97018320b34487c2f8d340b2a8b8d4debd2c7e93ad3251306595fd84bdb221f2
- SSDEEP
  
  12288:ZWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB:mxgsRftD0C2nKG
Score

6^/10

collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2