blustealer | f2bf8ee81960e00ff117376675a5b662b18ca10d58164de0f5fbb560aa4199fd | Triage

Sharing

General

Target

f2bf8ee81960e00ff117376675a5b662b18ca10d58164de0f5fbb560aa4199fd
Size

523KB
Sample

230306-1lyecsee2x
MD5

cac4348fb51dea6158f27b0f8b7a79bb
SHA1

402740d268dde6b07e9855b85e9cefd1abd712d1
SHA256

f2bf8ee81960e00ff117376675a5b662b18ca10d58164de0f5fbb560aa4199fd
SHA512

f13bcf56612fff85b2dee304fa622aeacfca2dd745fab79ddc0acd80352cc43f228df22fa6e74bf3840f7d1d88a3c7ddaa3c7ffa5f95f84e27ef8b33d11853c7
SSDEEP

12288:/YFYF0yZC++1vwE721swz90NsT6JIR/sXOcYQK6EqxapW:/YFOC5IP0+T6yRkXJKfOp

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

- Target
  
  f2bf8ee81960e00ff117376675a5b662b18ca10d58164de0f5fbb560aa4199fd
- Size
  
  523KB
- MD5
  
  cac4348fb51dea6158f27b0f8b7a79bb
- SHA1
  
  402740d268dde6b07e9855b85e9cefd1abd712d1
- SHA256
  
  f2bf8ee81960e00ff117376675a5b662b18ca10d58164de0f5fbb560aa4199fd
- SHA512
  
  f13bcf56612fff85b2dee304fa622aeacfca2dd745fab79ddc0acd80352cc43f228df22fa6e74bf3840f7d1d88a3c7ddaa3c7ffa5f95f84e27ef8b33d11853c7
- SSDEEP
  
  12288:/YFYF0yZC++1vwE721swz90NsT6JIR/sXOcYQK6EqxapW:/YFOC5IP0+T6yRkXJKfOp
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer