blustealer | 54ccc28b6adc020ce06f485e2e8d300b1871b52d55a280f2a06ec405dd9b5184 | Triage

Submit
Reports

Overview

overview

Static

static

1

Request fo...on.exe

windows7-x64

Request fo...on.exe

windows10-2004-x64

Sharing

General

Target

Request for quotation.exe
Size

504KB
Sample

221228-tbl51sag58
MD5

3db74116bfd3320ecf106e9143260cea
SHA1

fa3b311a33b9f903f570494561c5c5a679d14808
SHA256

54ccc28b6adc020ce06f485e2e8d300b1871b52d55a280f2a06ec405dd9b5184
SHA512

a9210243e6679cffaf296f6e11a49ee75d80fe1b5400a38a2a18e5b17fc5b13680c4b00b9942130d281353b9c7265b96c3d22216eb1c21635ca22357018dfa05
SSDEEP

12288:3+Mp3mHUy1aI4LIvYfk9bADwcYHcSTWy3mE7v:/EHahfwADXS6y17v

Score

10^/10

blustealer collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Request for quotation.exe

Resource

win7-20220812-en

blustealer collection stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Request for quotation.exe

Resource

win10v2004-20220812-en

blustealer collection stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  Request for quotation.exe
- Size
  
  504KB
- MD5
  
  3db74116bfd3320ecf106e9143260cea
- SHA1
  
  fa3b311a33b9f903f570494561c5c5a679d14808
- SHA256
  
  54ccc28b6adc020ce06f485e2e8d300b1871b52d55a280f2a06ec405dd9b5184
- SHA512
  
  a9210243e6679cffaf296f6e11a49ee75d80fe1b5400a38a2a18e5b17fc5b13680c4b00b9942130d281353b9c7265b96c3d22216eb1c21635ca22357018dfa05
- SSDEEP
  
  12288:3+Mp3mHUy1aI4LIvYfk9bADwcYHcSTWy3mE7v:/EHahfwADXS6y17v
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer

© 2018-2024

Terms | Privacy