blustealer | 6b041e56226fc797cc0ca56d29e6f851bfbe925377ee660686c1cf5120005091 | Triage

Submit
Reports

Overview

overview

Static

static

1

RFQ_Techni...on.exe

windows7-x64

RFQ_Techni...on.exe

windows10-2004-x64

Sharing

General

Target

RFQ_Technical evalution.lzh
Size

510KB
Sample

230219-dz4f7see55
MD5

3338d8ed5fec9f48e48031d3c387b3f7
SHA1

ba529821ab720c7912a0eca678733dd04d28f451
SHA256

6b041e56226fc797cc0ca56d29e6f851bfbe925377ee660686c1cf5120005091
SHA512

1b9a3951aa61569465b673e00a9327fae7671484779f4b9b4245d0da95dbba05c1de85891559c164e7573e940b8af19cf434106be3140ccaaeb9307ac0e06a4c
SSDEEP

12288:gtUnbnj2vyHduMWU7G5O5Eigic4UvG6+RJzt3e4kQ335zkI4VE:gt0qvyHduzU7AWm4UenzztO4kQOI4VE

Score

10^/10

blustealer collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

RFQ_Technical evalution.exe

Resource

win7-20221111-en

blustealer collection stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

RFQ_Technical evalution.exe

Resource

win10v2004-20220812-en

blustealer collection stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

- Target
  
  RFQ_Technical evalution.exe
- Size
  
  523KB
- MD5
  
  cac4348fb51dea6158f27b0f8b7a79bb
- SHA1
  
  402740d268dde6b07e9855b85e9cefd1abd712d1
- SHA256
  
  f2bf8ee81960e00ff117376675a5b662b18ca10d58164de0f5fbb560aa4199fd
- SHA512
  
  f13bcf56612fff85b2dee304fa622aeacfca2dd745fab79ddc0acd80352cc43f228df22fa6e74bf3840f7d1d88a3c7ddaa3c7ffa5f95f84e27ef8b33d11853c7
- SSDEEP
  
  12288:/YFYF0yZC++1vwE721swz90NsT6JIR/sXOcYQK6EqxapW:/YFOC5IP0+T6yRkXJKfOp
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer

© 2018-2024

Terms | Privacy