blustealer | 90cfa88b710e25a9a1219c67738a891f052a33085a5aca2797524612b016249e | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.18116.exe
Size

1.0MB
Sample

220922-vkqegafgbq
MD5

f52b4684b9c1d2a390e98098125dd1b4
SHA1

3164c21a75ba0de36200d5ef1cb7ee81c2203a45
SHA256

90cfa88b710e25a9a1219c67738a891f052a33085a5aca2797524612b016249e
SHA512

f53be419d3b36d0df6e748b94032a11468358f1e9f5e50803016567c3b2dc59fa8e287cbbb7320338858e43f413045f5a7662f1f93556a3ba8be3fab6a09e14f
SSDEEP

12288:1zE35FZjxFmdVht9TGclUy7jfV6l53Hk1oJ9fVid6a/g5mLUqrjds118p4QCf:qFWLzTl9Na46fEb/g5ovdNm

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.18116.exe
- Size
  
  1.0MB
- MD5
  
  f52b4684b9c1d2a390e98098125dd1b4
- SHA1
  
  3164c21a75ba0de36200d5ef1cb7ee81c2203a45
- SHA256
  
  90cfa88b710e25a9a1219c67738a891f052a33085a5aca2797524612b016249e
- SHA512
  
  f53be419d3b36d0df6e748b94032a11468358f1e9f5e50803016567c3b2dc59fa8e287cbbb7320338858e43f413045f5a7662f1f93556a3ba8be3fab6a09e14f
- SSDEEP
  
  12288:1zE35FZjxFmdVht9TGclUy7jfV6l53Hk1oJ9fVid6a/g5mLUqrjds118p4QCf:qFWLzTl9Na46fEb/g5ovdNm
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer