blustealer | 2408a41dc207fa367704b1f16372fedfa2c4163f65daf436d6f8ae2490b9aff6 | Triage

Resubmissions

17-04-2023 16:19

230417-tsqjrsfb33 10

17-04-2023 16:08

230417-tk6wsagg5s 10

17-04-2023 15:53

230417-tbt6magg2s 10

17-04-2023 15:30

230417-sxwqxage9v 10

Sharing

General

Target

RFQ for supply of Stock Replenishment FI-2023-089.gz
Size

768KB
Sample

230417-sxwqxage9v
MD5

49f8a8d16bdd4d2af2be3a79d7b213a4
SHA1

1401ce8fc3f0d28d4ef74cc5e9942ceeb14478f9
SHA256

2408a41dc207fa367704b1f16372fedfa2c4163f65daf436d6f8ae2490b9aff6
SHA512

ffec50f37556a1e98695b8bd268d9f1f174431ed703894aae3dbc3cdaf79c2c5015c792f87e2175843601989085c869f540c01be1cc65a3ab593aa0d37cde748
SSDEEP

24576:ZBkU9NFUst/kzT0fW8yzFQP4Yq8BzNSDtiBRP9o4xTQFuHj:ZG8NftST0fWZzFQAYF0iBfo4QMD

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

- Target
  
  RFQ for supply of Stock Replenishment FI-2023-089.gz
- Size
  
  768KB
- MD5
  
  49f8a8d16bdd4d2af2be3a79d7b213a4
- SHA1
  
  1401ce8fc3f0d28d4ef74cc5e9942ceeb14478f9
- SHA256
  
  2408a41dc207fa367704b1f16372fedfa2c4163f65daf436d6f8ae2490b9aff6
- SHA512
  
  ffec50f37556a1e98695b8bd268d9f1f174431ed703894aae3dbc3cdaf79c2c5015c792f87e2175843601989085c869f540c01be1cc65a3ab593aa0d37cde748
- SSDEEP
  
  24576:ZBkU9NFUst/kzT0fW8yzFQP4Yq8BzNSDtiBRP9o4xTQFuHj:ZG8NftST0fWZzFQAYF0iBfo4QMD
Score

3^/10
behavioral1 behavioral2
- Target
  
  RFQ for supply of Stock Replenishment FI-2023-089.exe
- Size
  
  833KB
- MD5
  
  c3d43cf53c510fed679a621e5c9d0aea
- SHA1
  
  a8d367631072c110d99369209782f8ddd6de673f
- SHA256
  
  2a4fe1060c15849fad34754e02f548fc250f8749ab923f929c7497c0614c760b
- SHA512
  
  19d006881997d35cc57fff45b1e216d601d83b15045dcc75f8b6b617bb797c838a7cf0c3e0eec1e016817d5f3f429650a88a914bfaa9b9deeb62af18255437a8
- SSDEEP
  
  12288:El4SNuCXLzEfF0S2FXtBvFD3oNQLp1K6YZQ0MASVbNqRPXnBGTJ:EG9CvEfFv23o2LDK6WQOSVpwXnB2
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

blustealercollectionstealer