blustealer | 7a7f3604032d3f53d07aed1b918b1d2629c9b0e26bcdee5565ad8cba72370cb2 | Triage

Sharing

General

Target

1d1c80aa67bed8372b0f483ca4bc77af.exe
Size

278KB
Sample

220920-s7mwrahben
MD5

1d1c80aa67bed8372b0f483ca4bc77af
SHA1

178ae2d7d6390369d9cb9ebb74b15a8baecdcb75
SHA256

7a7f3604032d3f53d07aed1b918b1d2629c9b0e26bcdee5565ad8cba72370cb2
SHA512

6cba39a5f8c031677e640f96c0ceefb5b148d8001fd98d2a50aea64cc0c1fc185eaa2d509605ca97e99aff62b13d4863edb0c1fbf168ee4202f6822d685bed01
SSDEEP

6144:3oHFAN2yKhbBTA4Bav5WtyW3P0hUhf2X6A:4HFAWhbBAqyEMhsOX7

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5351997584:AAEyh4aj9rNp8tJtHYZqoYG-PSzq-z5M18M/sendMessage?chat_id=1374455932

Targets

- Target
  
  1d1c80aa67bed8372b0f483ca4bc77af.exe
- Size
  
  278KB
- MD5
  
  1d1c80aa67bed8372b0f483ca4bc77af
- SHA1
  
  178ae2d7d6390369d9cb9ebb74b15a8baecdcb75
- SHA256
  
  7a7f3604032d3f53d07aed1b918b1d2629c9b0e26bcdee5565ad8cba72370cb2
- SHA512
  
  6cba39a5f8c031677e640f96c0ceefb5b148d8001fd98d2a50aea64cc0c1fc185eaa2d509605ca97e99aff62b13d4863edb0c1fbf168ee4202f6822d685bed01
- SSDEEP
  
  6144:3oHFAN2yKhbBTA4Bav5WtyW3P0hUhf2X6A:4HFAWhbBAqyEMhsOX7
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Downloads MZ/PE file
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer