blustealer | 8c9d8d4eb2f2179b9c628488b749e5ef49b4d0b25bd04815c86142426e66ed32 | Triage

Sharing

General

Target

d50e53128afae84f81f41fce22e7ce3f13442485d7c7ce3bb1417afaba6c9c05.zip
Size

1.2MB
Sample

230321-qp4qface9s
MD5

f85cb8d3be6f0fe0b448094d99093fec
SHA1

49233456b1ead3a140bde838bc92b7fe7f5f45b5
SHA256

8c9d8d4eb2f2179b9c628488b749e5ef49b4d0b25bd04815c86142426e66ed32
SHA512

7888b09fc281ab8af04ccc8b9708fb56bd11431bf32d9a351ff56467013f72bb624230ce8534bdb8ccddaed4ddefb3ad8ec22740a7430ef67a67c4d9964211fb
SSDEEP

24576:Upchuo/Q/eJWblHmdktFaSvbtzgEVCIbobKVJtG2B6ewdc8tNdRaWJAgN:Upc3GxYdkt0jIbobKnJrwdciNdRaWiM

Score

10^/10

blustealer collection persistence spyware stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5813496253:AAF4hamIx4-mNmFF1DwsqdJ4F9vUBmFqLo/sendMessage?chat_id=1105271645

Targets

- Target
  
  d50e53128afae84f81f41fce22e7ce3f13442485d7c7ce3bb1417afaba6c9c05.exe
- Size
  
  2.4MB
- MD5
  
  888a18230e69a8ba0c420042bcb6e758
- SHA1
  
  0b0dcb23577efc327acdd2ff052bb3d54693d715
- SHA256
  
  d50e53128afae84f81f41fce22e7ce3f13442485d7c7ce3bb1417afaba6c9c05
- SHA512
  
  d20488366904fda6dccb6a92c4ad0bfc74d2c74702e2f4cadef197cdf1e3f37cd39f3b35a8df9bfc8d3f9a71bfb4fefa6adf0b5f4b8f4cf8eb017367847fd3cc
- SSDEEP
  
  24576:sE9iqdFA3SA2PWRLxlTP0q0prBMsOZORHJd5SbyBRJ4y4c2TsdZh8FzxZ+hLAwKu:79vgIWRbb0RtYQBXhcOatvd4oS
Score

10^/10

persistence blustealer collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

blustealercollectionpersistencespywarestealer