blustealer | 4edfbba77374d0a3d2a422b91fe68b169b714e18f0574f8a2480db5ef60133af | Triage

Submit
Reports

Overview

overview

Static

static

7

49b3b273bc...d1.exe

windows7-x64

49b3b273bc...d1.exe

windows10-2004-x64

Sharing

General

Target

49b3b273bcde3ffa77230bca6036ddd1.exe
Size

2.8MB
Sample

220920-s77k6ahbep
MD5

49b3b273bcde3ffa77230bca6036ddd1
SHA1

e25fdf251f5ac4ffad2836ddcfbbd9efb5a1adba
SHA256

4edfbba77374d0a3d2a422b91fe68b169b714e18f0574f8a2480db5ef60133af
SHA512

f47eedfa329214a35f79da74334937c849071e8843ce551a63eab391dc0982424df94e2d881b1c7e5cba70b65c1aa8bc67a8278ce23e95c716654b84dd3cd3cb
SSDEEP

49152:7OJGLUpIRkdAI0B4VQZ3vZdhYwb8ixoQsoyx8Unug+QPZ7/g5PMYD3lE+TjhARFF:7SGbGdAQV4R0wizugbdgLD3DhARFwm

Score

10^/10

blustealer collection evasion stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

49b3b273bcde3ffa77230bca6036ddd1.exe

Resource

win7-20220812-en

blustealer collection evasion stealer themida trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

49b3b273bcde3ffa77230bca6036ddd1.exe

Resource

win10v2004-20220901-en

blustealer collection evasion stealer themida trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5351997584:AAEyh4aj9rNp8tJtHYZqoYG-PSzq-z5M18M/sendMessage?chat_id=1374455932

Targets

- Target
  
  49b3b273bcde3ffa77230bca6036ddd1.exe
- Size
  
  2.8MB
- MD5
  
  49b3b273bcde3ffa77230bca6036ddd1
- SHA1
  
  e25fdf251f5ac4ffad2836ddcfbbd9efb5a1adba
- SHA256
  
  4edfbba77374d0a3d2a422b91fe68b169b714e18f0574f8a2480db5ef60133af
- SHA512
  
  f47eedfa329214a35f79da74334937c849071e8843ce551a63eab391dc0982424df94e2d881b1c7e5cba70b65c1aa8bc67a8278ce23e95c716654b84dd3cd3cb
- SSDEEP
  
  49152:7OJGLUpIRkdAI0B4VQZ3vZdhYwb8ixoQsoyx8Unug+QPZ7/g5PMYD3lE+TjhARFF:7SGbGdAQV4R0wizugbdgLD3DhARFwm
Score

10^/10

blustealer collection evasion stealer themida trojan
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses Microsoft Outlook profiles
  collection
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionevasionstealerthemidatrojan

behavioral2

blustealercollectionevasionstealerthemidatrojan

© 2018-2025

Terms | Privacy