blustealer | 950cd4516e6bff899e1c4b28bda9867aa713e6818b28f36c7a613fcfeda6a53e | Triage

Sharing

General

Target

950cd4516e6bff899e1c4b28bda9867aa713e6818b28f36c7a613fcfeda6a53e.exe
Size

446KB
Sample

230405-ta2t3sfg68
MD5

96fe8d6e260227c0c4f6ed082a59212b
SHA1

031b0930a59444204a672a99423a97bd7e02f83c
SHA256

950cd4516e6bff899e1c4b28bda9867aa713e6818b28f36c7a613fcfeda6a53e
SHA512

bad0737c0b73a001a434c77afc0b9ddf64f81a7c7010cf36f88579d7851905110245ac06f1dc1615ca5af986fd1882f9dc27d0cc4bc766380110e6933dcfd360
SSDEEP

12288:fWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmBC:YxgsRftD0C2nKGs

Score

10^/10

blustealer collection spyware stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5813496253:AAF4hamIx4-mNmFF1DwsqdJ4F9vUBmFqLo/sendMessage?chat_id=1105271645

Targets

- Target
  
  950cd4516e6bff899e1c4b28bda9867aa713e6818b28f36c7a613fcfeda6a53e.exe
- Size
  
  446KB
- MD5
  
  96fe8d6e260227c0c4f6ed082a59212b
- SHA1
  
  031b0930a59444204a672a99423a97bd7e02f83c
- SHA256
  
  950cd4516e6bff899e1c4b28bda9867aa713e6818b28f36c7a613fcfeda6a53e
- SHA512
  
  bad0737c0b73a001a434c77afc0b9ddf64f81a7c7010cf36f88579d7851905110245ac06f1dc1615ca5af986fd1882f9dc27d0cc4bc766380110e6933dcfd360
- SSDEEP
  
  12288:fWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmBC:YxgsRftD0C2nKGs
Score

10^/10

blustealer collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionspywarestealer

behavioral2

blustealercollectionspywarestealer