blustealer | 1a4d18bc01f4c5857b32c7ae2ffe7ec90ff5d4e4bf312f8048bb85706f5fbff5 | Triage

Sharing

General

Target

RFQ# 6000163267.exe
Size

910KB
Sample

221117-vgt89afa56
MD5

f13711fcb52a6025e97a2bf85d9d4643
SHA1

e662ca8610953c0c7e90a161162d3e1b03e29442
SHA256

1a4d18bc01f4c5857b32c7ae2ffe7ec90ff5d4e4bf312f8048bb85706f5fbff5
SHA512

6e1885bdae20ea8c28d95c10701d9390f44d57fa01593a63ca72c9a2124b7069e30b1875cfb795956e2f78bbe6c88a636f4aa208c865991eb762f898443d70d7
SSDEEP

24576:gy/5dJbw9j6QSpvsRecLAzAd/AHjZnbCkI:P/5k9GQSpCecLCKMjZnbCkI

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  RFQ# 6000163267.exe
- Size
  
  910KB
- MD5
  
  f13711fcb52a6025e97a2bf85d9d4643
- SHA1
  
  e662ca8610953c0c7e90a161162d3e1b03e29442
- SHA256
  
  1a4d18bc01f4c5857b32c7ae2ffe7ec90ff5d4e4bf312f8048bb85706f5fbff5
- SHA512
  
  6e1885bdae20ea8c28d95c10701d9390f44d57fa01593a63ca72c9a2124b7069e30b1875cfb795956e2f78bbe6c88a636f4aa208c865991eb762f898443d70d7
- SSDEEP
  
  24576:gy/5dJbw9j6QSpvsRecLAzAd/AHjZnbCkI:P/5k9GQSpCecLCKMjZnbCkI
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer