blustealer | 195a869ef0427a97002e40c10fd7d6cbb4d85bb252518f2b65e32560d303f362 | Triage

Sharing

General

Target

2024-74-0x0000000000400000-0x000000000046D000-memory.dmp
Size

436KB
Sample

230327-wac7tsgf2x
MD5

d5e2544f7a9aef99174b10460bac2570
SHA1

a6a1fe82d34bf81557a64cff2b811eb26de848dc
SHA256

195a869ef0427a97002e40c10fd7d6cbb4d85bb252518f2b65e32560d303f362
SHA512

7a76066026fd32b311aae0f2bccd48136c919eddc286bbac6a2b4dcd5ea38ba7d0b47fd0f48fb76d91a792e0b96a2087bdb50880ad6fbf1d18805b2511c88e2c
SSDEEP

12288:3bWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB:3sxgsRftD0C2nKG

Score

10^/10

blustealer collection

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5916787654:AAEJEadEk6VSBHL82vTGRS9aaNuh-zG53Rg/sendMessage?chat_id=5483672364

Targets

- Target
  
  2024-74-0x0000000000400000-0x000000000046D000-memory.dmp
- Size
  
  436KB
- MD5
  
  d5e2544f7a9aef99174b10460bac2570
- SHA1
  
  a6a1fe82d34bf81557a64cff2b811eb26de848dc
- SHA256
  
  195a869ef0427a97002e40c10fd7d6cbb4d85bb252518f2b65e32560d303f362
- SHA512
  
  7a76066026fd32b311aae0f2bccd48136c919eddc286bbac6a2b4dcd5ea38ba7d0b47fd0f48fb76d91a792e0b96a2087bdb50880ad6fbf1d18805b2511c88e2c
- SSDEEP
  
  12288:3bWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB:3sxgsRftD0C2nKG
Score

6^/10

collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2