blustealer | f101138228ca15bebf19e1802f716601ed0094373bac649e9e0d9f1bfb2e74c3 | Triage

Submit
Reports

Overview

overview

Static

static

1

8673653b4e...35.exe

windows7-x64

8673653b4e...35.exe

windows10-2004-x64

Sharing

General

Target

8673653b4e2feb2342836fa526e90d2412ff6f61d77e693efb0172827f45c135.zip
Size

1.4MB
Sample

230417-xepbbshd3s
MD5

964ef6bf7a1892fbcd393b0d390fa430
SHA1

8b13a01180751222a8b6ec34e71441864fb5ae0d
SHA256

f101138228ca15bebf19e1802f716601ed0094373bac649e9e0d9f1bfb2e74c3
SHA512

37cdbaa1837a1fcb7d6de560fe98fb7f5e536c7dfb9f42d7a9789aa423e40b91876e375720162255290ddfeff98d105a7ec7e6a733d9fae6ff5c4acf5449904b
SSDEEP

24576:BeKxRBwZGjbdiiXkknLZGfpZOBH2RnBHI/vICqfg1ihzBhFkI:BeKxRuZGjIGVKpzYvIC91QBhFd

Score

10^/10

blustealer collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

8673653b4e2feb2342836fa526e90d2412ff6f61d77e693efb0172827f45c135.exe

Resource

win7-20230220-en

blustealer collection spyware stealer

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

8673653b4e2feb2342836fa526e90d2412ff6f61d77e693efb0172827f45c135.exe

Resource

win10v2004-20230221-en

blustealer collection spyware stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  8673653b4e2feb2342836fa526e90d2412ff6f61d77e693efb0172827f45c135.exe
- Size
  
  1.5MB
- MD5
  
  76a953005611843cca8ba94dc2ffbfcf
- SHA1
  
  af634f838961dbeb328c9fb09ab23cb1aca2affe
- SHA256
  
  8673653b4e2feb2342836fa526e90d2412ff6f61d77e693efb0172827f45c135
- SHA512
  
  06095412d5fe83e4741ab31a4fe890283c0b8b659ea7fc2289dc52e1ed2c07cd8619e8fdbc9368a4980c6e8b43161472d55d96552df2b57759e84c9a85a16a3b
- SSDEEP
  
  24576:8r1voTP6JZs4KoxhV2EiP0Av/1IZwA7dTej7Tz5IDuvkuwV7GkeoAu2j7NiznXBy:8r1voTP67sJoxTiP00/OH1eHVSJXT281
Score

10^/10

blustealer collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionspywarestealer

behavioral2

blustealercollectionspywarestealer

© 2018-2024

Terms | Privacy