blustealer | d02548b41a1f0e68f77df66f87b5664edb454744be93cc02500ccf083ae61ba3 | Triage

Sharing

General

Target

Invoice and packing list.exe
Size

911KB
Sample

221221-rrwchscd77
MD5

ac6eeec739e6744155d762c71658ee08
SHA1

fd00d02ddebab59c5e1284acfc61489ee65506f6
SHA256

d02548b41a1f0e68f77df66f87b5664edb454744be93cc02500ccf083ae61ba3
SHA512

0720bf1fe12baa9a5689f5c5806017c82c6fd7acfeb53fe960168d1e3569ec86f7c25c87871b3270dfbf568547a27d425a51f6c1f52f0175b3fc12757cca7f63
SSDEEP

24576:I1wzlArxvk6SpZnUdY5hvLD5lRcMegGFVdp6c84OCuD1Xli:IOzCSzodYf5gMeg6docdlyb

Score

10^/10

blustealer collection spyware stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5982631795:AAFe1A7BEPv_6ExMz851LxdOAjr_9gqH8zY/sendMessage?chat_id=5968311109

Targets

- Target
  
  Invoice and packing list.exe
- Size
  
  911KB
- MD5
  
  ac6eeec739e6744155d762c71658ee08
- SHA1
  
  fd00d02ddebab59c5e1284acfc61489ee65506f6
- SHA256
  
  d02548b41a1f0e68f77df66f87b5664edb454744be93cc02500ccf083ae61ba3
- SHA512
  
  0720bf1fe12baa9a5689f5c5806017c82c6fd7acfeb53fe960168d1e3569ec86f7c25c87871b3270dfbf568547a27d425a51f6c1f52f0175b3fc12757cca7f63
- SSDEEP
  
  24576:I1wzlArxvk6SpZnUdY5hvLD5lRcMegGFVdp6c84OCuD1Xli:IOzCSzodYf5gMeg6docdlyb
Score

10^/10

blustealer collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionspywarestealer

behavioral2

blustealercollectionspywarestealer