blustealer | 02a4055e2fce4b14d2a07f2625c2329309c01dea5499294405ca78e1d800bd78 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.Packed2.44634.20056.30170
Size

1.2MB
Sample

221122-f7n3labe53
MD5

7f7ef456450f254a7bbb162af495a3d2
SHA1

b957c8cc73f9cc83cf1519a628b2f8382d52befc
SHA256

02a4055e2fce4b14d2a07f2625c2329309c01dea5499294405ca78e1d800bd78
SHA512

a481c5de7cf000d30f6a28d4f8d6712295d6de062f64722ff264b423ae37d55dafba35676d63ed4ee68e465c1ce39082e4e48ad960f31a072d6c77f94bd731c6
SSDEEP

24576:wM+L74mBfNUstzoh04C14jT7cIxSFD075acQrFclsFVTJWR22n8W5enV3mmb3r8n:f+ejTBC05lQrF6sFVTJkj8W5enV3mOI

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  SecuriteInfo.com.Trojan.Packed2.44634.20056.30170
- Size
  
  1.2MB
- MD5
  
  7f7ef456450f254a7bbb162af495a3d2
- SHA1
  
  b957c8cc73f9cc83cf1519a628b2f8382d52befc
- SHA256
  
  02a4055e2fce4b14d2a07f2625c2329309c01dea5499294405ca78e1d800bd78
- SHA512
  
  a481c5de7cf000d30f6a28d4f8d6712295d6de062f64722ff264b423ae37d55dafba35676d63ed4ee68e465c1ce39082e4e48ad960f31a072d6c77f94bd731c6
- SSDEEP
  
  24576:wM+L74mBfNUstzoh04C14jT7cIxSFD075acQrFclsFVTJWR22n8W5enV3mmb3r8n:f+ejTBC05lQrF6sFVTJkj8W5enV3mOI
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer