blustealer | 8c575aa5e93a77f506411780e84f57617a784605557c36053bc3535306509f03 | Triage

Sharing

General

Target

quotation.exe
Size

661KB
Sample

221003-qg8z7aghbm
MD5

3447635f58aa5581db95a3829b004f5b
SHA1

e9275447f8fd436b726a868025f49412b5cba811
SHA256

8c575aa5e93a77f506411780e84f57617a784605557c36053bc3535306509f03
SHA512

7c6570674889496a206ff8c52e954ae40d948ee4ac4d20fb42f47abc48ca3d469617b9a76eadd39c9c77a9136c69d3c9df1f213cb3dbbe1c79d337bf19dee8ba
SSDEEP

12288:jCfAg0DqCrZVRr7s2uUBdx5bwY8nmX5nadvQeQPR:jmzGqaZVBmUnxympnKo/PR

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

- Target
  
  quotation.exe
- Size
  
  661KB
- MD5
  
  3447635f58aa5581db95a3829b004f5b
- SHA1
  
  e9275447f8fd436b726a868025f49412b5cba811
- SHA256
  
  8c575aa5e93a77f506411780e84f57617a784605557c36053bc3535306509f03
- SHA512
  
  7c6570674889496a206ff8c52e954ae40d948ee4ac4d20fb42f47abc48ca3d469617b9a76eadd39c9c77a9136c69d3c9df1f213cb3dbbe1c79d337bf19dee8ba
- SSDEEP
  
  12288:jCfAg0DqCrZVRr7s2uUBdx5bwY8nmX5nadvQeQPR:jmzGqaZVBmUnxympnKo/PR
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer