blustealer | 8713e79470516d402e9c6daa5d986e656a7e1ca2391a2d94699ee0ef18c000e3 | Triage

Sharing

General

Target

doc033332421.gz
Size

472KB
Sample

221003-p8hfwagdgn
MD5

71b236d018f8e081a74a60ea1580457a
SHA1

718893696ff7e81395b53da904fbcc7d22a0413f
SHA256

8713e79470516d402e9c6daa5d986e656a7e1ca2391a2d94699ee0ef18c000e3
SHA512

ccb3b48516cab758c005818afc535e1e71fd1ad10e57e4dae86fd6efea2b769ab476d460d5b0a8fba6678f214fe6d1e397c76900e41caafad622501546f80293
SSDEEP

12288:m2TPSPmULqnlFOvCW3f3P2PhMOxWbNllYwbRCOopzx+c7E:V+bunzOq0f3ePhSllfAOo9xDE

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

- Target
  
  doc033332421.exe
- Size
  
  509KB
- MD5
  
  c7ece13890b374467b4857ce1afaf2e6
- SHA1
  
  e27145f0208a85564052b66d83ef7223154f22d6
- SHA256
  
  640d26a67eb1438c3ea2371e196976e13454290aac77cf66692f3bb82d7c0b33
- SHA512
  
  46adbb990077c0dbb76c2c2282ce3ad5d36134c38d10195dd74ddacc4cd4103e4857920de0542d043c188dbacb3900f37bafe3a091745e089cb07d1017c36379
- SSDEEP
  
  12288:yGZPq/wha6qc239Cf6mu57HFapiR9eJg+Fq085opbVq6:yGVL06j239m6R5782yF58qpb
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer