blustealer | c661a855a5690fa71694d76a83a1bdcb423551cb499bec9eef5be0d3e8e189d9 | Triage

Sharing

General

Target

4b9b4b9c7b90ff35a4842f1cd52b4ccd644a71775906560d0d280e71ced15fda.zip
Size

542KB
Sample

230308-pyj7qahd5t
MD5

58fc7da349f308d9f5434f91fff8dd39
SHA1

bac254f9166646a82f89bb4aed404e901ce08eac
SHA256

c661a855a5690fa71694d76a83a1bdcb423551cb499bec9eef5be0d3e8e189d9
SHA512

a5615cbdfba7f9dda27893d17088426f3a5fa8febec4125284eed9cbda5529644a3f569c0c1876922b7f78273f05d4ee9b2e6666860f9486c54edfc18a4ffe44
SSDEEP

12288:Q/cgNovZiEQRihcKHAprGxhxgiemJhRBNaOwQ/SS6wR8:uc/vZiEQRd5lGxh8qTwQ/V8

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.fidvision.icu
Port:
587
Username:
[email protected]
Password:
Admin@123

Targets

- Target
  
  4b9b4b9c7b90ff35a4842f1cd52b4ccd644a71775906560d0d280e71ced15fda.exe
- Size
  
  646KB
- MD5
  
  6776447387587d3546350f090ff756f4
- SHA1
  
  67a41fc5c4bf832d5ebe569943c1e70104342992
- SHA256
  
  4b9b4b9c7b90ff35a4842f1cd52b4ccd644a71775906560d0d280e71ced15fda
- SHA512
  
  753e9b8b6fa07c4debbe96c3f2897831622bd8845ef68b7bb92ed7c33f104895f31de2fe5a01da2a0f108c4047291163b427928b2a989bc54fdf7d06b2f5c3d9
- SSDEEP
  
  12288:0JJqYzhltD7BybICsQmOk+DH1TbpVbC5cPhle2cEbuo9fif+:0JJZhbpPBQVVWyeEH9qm
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

blustealerstealer