blustealer | 9828b2d75984a20ebee6ace8fca7c3b20f52f2102cea4796620f2e0e29ecb293 | Triage

Submit
Reports

Overview

overview

Static

static

1

8b43fb960f...b3.exe

windows7-x64

8b43fb960f...b3.exe

windows10-2004-x64

Sharing

General

Target

1a496bebdf47aaee63127ad8e0f2c038.bin
Size

583KB
Sample

230222-bc4scabb4s
MD5

9d330a74116a9c240c0cddbb6f6a8022
SHA1

896c2e016986303a5982971f5a4141effdf13462
SHA256

9828b2d75984a20ebee6ace8fca7c3b20f52f2102cea4796620f2e0e29ecb293
SHA512

2ab750a4c2e909f943ab648f6150976d532856b9ea7d56d6f13f2d6c37428b2cb9d2002d0886c8a21f36f73e133e82d4ad0445483024c772bd4963785fbb95e6
SSDEEP

12288:n0HwYezA8mHmKM6/du3NpcPVMY/VQjMyZWP/LWLKG3BFGlFD:n0Hn8XKM6/d0pcPbGrsDW2swFD

Score

10^/10

blustealer collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

8b43fb960fbec0fcdc81a4e12892204c6dc80156258e92995f2a7ece5da3c5b3.exe

Resource

win7-20230220-en

blustealer collection stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

8b43fb960fbec0fcdc81a4e12892204c6dc80156258e92995f2a7ece5da3c5b3.exe

Resource

win10v2004-20230221-en

blustealer collection stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  8b43fb960fbec0fcdc81a4e12892204c6dc80156258e92995f2a7ece5da3c5b3.exe
- Size
  
  597KB
- MD5
  
  1a496bebdf47aaee63127ad8e0f2c038
- SHA1
  
  0b4c18d15e7e03fdc58f942236591d01db2a0e15
- SHA256
  
  8b43fb960fbec0fcdc81a4e12892204c6dc80156258e92995f2a7ece5da3c5b3
- SHA512
  
  534c1b75d3d581ca07c831ddec2639559f63a4f532b8fa97126f23cbf49dc5b58184a7f0027182b8aed3cb4c028ed334860f15164aa092656289435d3e9acb6d
- SSDEEP
  
  12288:/Ytho+cYQo+uRRAkbIWsRQ219z0EnDWg9/YG6B5ZdZOkiM:/Yt4YQoRqkV2Eg9h6JdV
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer

© 2018-2024

Terms | Privacy