blustealer | 58d5286e5694f883d2452a81e5f6e77413292ba388300a6e44dd0f91e217aff1 | Triage

Sharing

General

Target

58d5286e5694f883d2452a81e5f6e77413292ba388300a6e44dd0f91e217aff1
Size

501KB
Sample

230306-djllfsad67
MD5

460bdbbe5a6b8bd3f887c8b6fd4128a2
SHA1

891099bcbf82de10e1b197d2c42b2044dc0bed46
SHA256

58d5286e5694f883d2452a81e5f6e77413292ba388300a6e44dd0f91e217aff1
SHA512

b741e4bc33762adc9dee71f7a348ec9e7615bd4631bb73c39e4d69a01e8d469a3eb1aa303c691e2671aa939c223c6fc4a5bc05b2dea23b40f3e5422e2b4b3c6c
SSDEEP

12288:/YFfpyLOuydXBmm+vie9mUX1NqRBchWc6P0vMLxJRg0ExsOPn7jhPhl9iqo+/:/YFhyCuCoie9nFNqgL6P0vlLxVP7FT93

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

- Target
  
  58d5286e5694f883d2452a81e5f6e77413292ba388300a6e44dd0f91e217aff1
- Size
  
  501KB
- MD5
  
  460bdbbe5a6b8bd3f887c8b6fd4128a2
- SHA1
  
  891099bcbf82de10e1b197d2c42b2044dc0bed46
- SHA256
  
  58d5286e5694f883d2452a81e5f6e77413292ba388300a6e44dd0f91e217aff1
- SHA512
  
  b741e4bc33762adc9dee71f7a348ec9e7615bd4631bb73c39e4d69a01e8d469a3eb1aa303c691e2671aa939c223c6fc4a5bc05b2dea23b40f3e5422e2b4b3c6c
- SSDEEP
  
  12288:/YFfpyLOuydXBmm+vie9mUX1NqRBchWc6P0vMLxJRg0ExsOPn7jhPhl9iqo+/:/YFhyCuCoie9nFNqgL6P0vlLxVP7FT93
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer