blustealer | da7f7bddce0402e2c6e547009034a7745842bdeeedfc9fc36a2761270ea350cb | Triage

Sharing

General

Target

da7f7bddce0402e2c6e547009034a7745842bdeeedfc9fc36a2761270ea350cb.exe
Size

1.2MB
Sample

221203-15ca8sdh7s
MD5

f316c250f78bc5c1ac83ec3993c9edec
SHA1

9807d7dd5f9446b6b9990d0bf3b57c669de8e172
SHA256

da7f7bddce0402e2c6e547009034a7745842bdeeedfc9fc36a2761270ea350cb
SHA512

0ceff2a91e474257f1ca40d223cdcce9181f417d16c79c52e252ff488761377a2ac451fc9d11dc084706b68a19c71565e867754fcf305ddf96b34eec05a9d6fd
SSDEEP

24576:VnghTrx6br3u40UMffEOU4PPaUVVrXpqTiwAAgEEY4:Vghnx6br3u40jEOUcPRVPqTQp

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

- Target
  
  da7f7bddce0402e2c6e547009034a7745842bdeeedfc9fc36a2761270ea350cb.exe
- Size
  
  1.2MB
- MD5
  
  f316c250f78bc5c1ac83ec3993c9edec
- SHA1
  
  9807d7dd5f9446b6b9990d0bf3b57c669de8e172
- SHA256
  
  da7f7bddce0402e2c6e547009034a7745842bdeeedfc9fc36a2761270ea350cb
- SHA512
  
  0ceff2a91e474257f1ca40d223cdcce9181f417d16c79c52e252ff488761377a2ac451fc9d11dc084706b68a19c71565e867754fcf305ddf96b34eec05a9d6fd
- SSDEEP
  
  24576:VnghTrx6br3u40UMffEOU4PPaUVVrXpqTiwAAgEEY4:Vghnx6br3u40jEOUcPRVPqTQp
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer