blustealer | 7d2679d585d5fd6b476830fea23e3d0ddc831476e40464cee74743a2c853b81e | Triage

Sharing

General

Target

Order Request.exe
Size

1.0MB
Sample

221117-vdyr9sfa25
MD5

3c41bd7a89f4aaa559fd8d54455d8f9a
SHA1

c33773d28c2766f471b33fea9aed3fe8bcf53faf
SHA256

7d2679d585d5fd6b476830fea23e3d0ddc831476e40464cee74743a2c853b81e
SHA512

9e7f68cd03fa5a1e712f1a85a93ff6d7874bc158c80c4dc2604a8dce317c774830cba7972b1ce88503286f9e3157a31896bc06cdc9ba8108fcd2b6899863d86e
SSDEEP

24576:QiqeK7vCseCxe8+VcBm+6PpHrDkUZbv4KTBnG30YCoFjZnbCkI:QitrAWcBm+Ep8U5jBn+9FjZnbCkI

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  Order Request.exe
- Size
  
  1.0MB
- MD5
  
  3c41bd7a89f4aaa559fd8d54455d8f9a
- SHA1
  
  c33773d28c2766f471b33fea9aed3fe8bcf53faf
- SHA256
  
  7d2679d585d5fd6b476830fea23e3d0ddc831476e40464cee74743a2c853b81e
- SHA512
  
  9e7f68cd03fa5a1e712f1a85a93ff6d7874bc158c80c4dc2604a8dce317c774830cba7972b1ce88503286f9e3157a31896bc06cdc9ba8108fcd2b6899863d86e
- SSDEEP
  
  24576:QiqeK7vCseCxe8+VcBm+6PpHrDkUZbv4KTBnG30YCoFjZnbCkI:QitrAWcBm+Ep8U5jBn+9FjZnbCkI
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer