blustealer | b0b430c82cc574323d38d65365540472f3f0e6133dcb36e20ee9fcf5483769fa | Triage

Sharing

General

Target

quote request.exe
Size

756KB
Sample

221210-exhx6aeh63
MD5

6d4c80ae0bcc986dbd7439993ae10e54
SHA1

67ca4066cd527edc67c4d690d49c1a5eacd8119d
SHA256

b0b430c82cc574323d38d65365540472f3f0e6133dcb36e20ee9fcf5483769fa
SHA512

1ee0c13ad0c2deadfeadbf0e1af97a495c765ada125074a4845ff38fdf569e3f814562137b133089370311b46f80a8508ebd6173e8aa33b59bbedd312eb189a4
SSDEEP

12288:0Hklt3dwkiuzina39XGzuBPBWFmH4G+oipT3yzf0VO3yfg98tUNGmOev:LZqCinc9XiulBWQH4Roipa0VO32QyadJ

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

- Target
  
  quote request.exe
- Size
  
  756KB
- MD5
  
  6d4c80ae0bcc986dbd7439993ae10e54
- SHA1
  
  67ca4066cd527edc67c4d690d49c1a5eacd8119d
- SHA256
  
  b0b430c82cc574323d38d65365540472f3f0e6133dcb36e20ee9fcf5483769fa
- SHA512
  
  1ee0c13ad0c2deadfeadbf0e1af97a495c765ada125074a4845ff38fdf569e3f814562137b133089370311b46f80a8508ebd6173e8aa33b59bbedd312eb189a4
- SSDEEP
  
  12288:0Hklt3dwkiuzina39XGzuBPBWFmH4G+oipT3yzf0VO3yfg98tUNGmOev:LZqCinc9XiulBWQH4Roipa0VO32QyadJ
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer