blustealer | 08e9b87ddb401b7d06928ddc9034e7057b57667ed2b3c2f4b8ec9209aeaca055 | Triage

Sharing

General

Target

INWARD RMT.exe
Size

945KB
Sample

230419-qgmrysaf82
MD5

eb56c4825ec85ad8a31769d718cfff54
SHA1

7a3ec799412a4fdd3af8a370aa064f66edb4b653
SHA256

08e9b87ddb401b7d06928ddc9034e7057b57667ed2b3c2f4b8ec9209aeaca055
SHA512

e16b1e4c1af98441633feb7edfcfaf29683d88fe7ce3f25afbd9950896f7d08d9ec6b4ff70e3298535db62f2cda31a4af4bee3353141b7d411534adc0d0894f5
SSDEEP

24576:ZWqTC/fbyAvWIKZKGcd9FGo28HusyPVPbVKY0Zv:ZjOvW9FyWl8ORPLKYQv

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

- Target
  
  INWARD RMT.exe
- Size
  
  945KB
- MD5
  
  eb56c4825ec85ad8a31769d718cfff54
- SHA1
  
  7a3ec799412a4fdd3af8a370aa064f66edb4b653
- SHA256
  
  08e9b87ddb401b7d06928ddc9034e7057b57667ed2b3c2f4b8ec9209aeaca055
- SHA512
  
  e16b1e4c1af98441633feb7edfcfaf29683d88fe7ce3f25afbd9950896f7d08d9ec6b4ff70e3298535db62f2cda31a4af4bee3353141b7d411534adc0d0894f5
- SSDEEP
  
  24576:ZWqTC/fbyAvWIKZKGcd9FGo28HusyPVPbVKY0Zv:ZjOvW9FyWl8ORPLKYQv
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer