blustealer | 4c1286920e0fbb0e4269f4b64ec6ca052076414a24af72f2e1a82f516a21bf52 | Triage

Submit
Reports

Overview

overview

Static

static

1

4c1286920e...52.exe

windows7-x64

4c1286920e...52.exe

windows10-2004-x64

Sharing

General

Target

4c1286920e0fbb0e4269f4b64ec6ca052076414a24af72f2e1a82f516a21bf52.exe
Size

567KB
Sample

221211-amnnfagd52
MD5

671f6fa2476117ebabadfbbabe5a4009
SHA1

92269b2ad71e7cac4eff7dc810f2989b93ac74b0
SHA256

4c1286920e0fbb0e4269f4b64ec6ca052076414a24af72f2e1a82f516a21bf52
SHA512

0c0d8177803158ccceca3526405f40e4e29af5ed049dda12818d97357b3cee63f8bd804cdf2df346c1022069c6960b7b596ed2f55e23264dfd790bdc3d75eac0
SSDEEP

12288:VYIFRHhMwBPAsS6l6y1HcjhgEbXFRcEHvhI52:VzFRBosSSFNaXFRc0hQ2

Score

10^/10

blustealer collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4c1286920e0fbb0e4269f4b64ec6ca052076414a24af72f2e1a82f516a21bf52.exe

Resource

win7-20220812-en

blustealer collection stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

4c1286920e0fbb0e4269f4b64ec6ca052076414a24af72f2e1a82f516a21bf52.exe

Resource

win10v2004-20220901-en

blustealer collection stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  4c1286920e0fbb0e4269f4b64ec6ca052076414a24af72f2e1a82f516a21bf52.exe
- Size
  
  567KB
- MD5
  
  671f6fa2476117ebabadfbbabe5a4009
- SHA1
  
  92269b2ad71e7cac4eff7dc810f2989b93ac74b0
- SHA256
  
  4c1286920e0fbb0e4269f4b64ec6ca052076414a24af72f2e1a82f516a21bf52
- SHA512
  
  0c0d8177803158ccceca3526405f40e4e29af5ed049dda12818d97357b3cee63f8bd804cdf2df346c1022069c6960b7b596ed2f55e23264dfd790bdc3d75eac0
- SSDEEP
  
  12288:VYIFRHhMwBPAsS6l6y1HcjhgEbXFRcEHvhI52:VzFRBosSSFNaXFRc0hQ2
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer

© 2018-2024

Terms | Privacy