blustealer | ccbeb25e2c6491b93ca97048c473fc8836163c151023e2f248392a4e5281d4a6 | Triage

Sharing

General

Target

676-65-0x0000000000400000-0x0000000000472000-memory.dmp
Size

456KB
Sample

221221-r5bv2ace24
MD5

0da966bb703c4ccd325f850be5de3312
SHA1

10ed98c3a53c385b031c4e2b8a0ca36a3a45db05
SHA256

ccbeb25e2c6491b93ca97048c473fc8836163c151023e2f248392a4e5281d4a6
SHA512

fe9611c6f1205d4a1ada309878a4bddb0315fb4a0112517ffe584089a2d7c65c42507dcc5f93e608b6a9072f8df27623401825d01ad541324e275eea1020bc3c
SSDEEP

12288:KWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB0:hxgsRftD0C2nKG

Score

10^/10

blustealer collection spyware

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5982631795:AAFe1A7BEPv_6ExMz851LxdOAjr_9gqH8zY/sendMessage?chat_id=5968311109

Targets

- Target
  
  676-65-0x0000000000400000-0x0000000000472000-memory.dmp
- Size
  
  456KB
- MD5
  
  0da966bb703c4ccd325f850be5de3312
- SHA1
  
  10ed98c3a53c385b031c4e2b8a0ca36a3a45db05
- SHA256
  
  ccbeb25e2c6491b93ca97048c473fc8836163c151023e2f248392a4e5281d4a6
- SHA512
  
  fe9611c6f1205d4a1ada309878a4bddb0315fb4a0112517ffe584089a2d7c65c42507dcc5f93e608b6a9072f8df27623401825d01ad541324e275eea1020bc3c
- SSDEEP
  
  12288:KWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB0:hxgsRftD0C2nKG
Score

6^/10

collection spyware
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectionspyware

behavioral2

collectionspyware