blustealer | 26309d3ea01d7ec07f752736fb0f5a2c73b95ecbe3b0da7ebf155ac2a522ef6c | Triage

Sharing

General

Target

8102896166.zip
Size

472KB
Sample

221003-ttlxzaeecr
MD5

01421892195b315b9d8864a414f15601
SHA1

8ae527c83d2f29945945c0a87a870ba609ec1fad
SHA256

26309d3ea01d7ec07f752736fb0f5a2c73b95ecbe3b0da7ebf155ac2a522ef6c
SHA512

a1c03324ff988012e8f4e28fbdfb71df924b7e563f7c3241ddc4b8a6f30d8c5db98b7c1a8e67c6242bbf4d95a33060610f8e3a23f32bbd89a437522364ebb817
SSDEEP

6144:TLAGUlLu4rQB7AfVbdQbP/qu+RP8sauBRsTplK1UPdDwffGN0DCpfte1U4C+9ABT:14r47AfMGuFCRupf18fWftYFiBT

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

- Target
  
  640d26a67eb1438c3ea2371e196976e13454290aac77cf66692f3bb82d7c0b33
- Size
  
  509KB
- MD5
  
  c7ece13890b374467b4857ce1afaf2e6
- SHA1
  
  e27145f0208a85564052b66d83ef7223154f22d6
- SHA256
  
  640d26a67eb1438c3ea2371e196976e13454290aac77cf66692f3bb82d7c0b33
- SHA512
  
  46adbb990077c0dbb76c2c2282ce3ad5d36134c38d10195dd74ddacc4cd4103e4857920de0542d043c188dbacb3900f37bafe3a091745e089cb07d1017c36379
- SSDEEP
  
  12288:yGZPq/wha6qc239Cf6mu57HFapiR9eJg+Fq085opbVq6:yGVL06j239m6R5782yF58qpb
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer