blustealer | 6c922a791609e332501e499c78283d9d98a413c8a16cebc66603c917eeb9e3bc | Triage

Sharing

General

Target

6c922a791609e332501e499c78283d9d98a413c8a16cebc66603c917eeb9e3bc.exe
Size

427KB
Sample

230420-mas4lshb66
MD5

15ecb5efcdd1da60edf5920c2fdcd515
SHA1

8e2fa7988cc4a7afa34e8d2e3268ffa76bf51e4d
SHA256

6c922a791609e332501e499c78283d9d98a413c8a16cebc66603c917eeb9e3bc
SHA512

24c97b2f2aae8e706bf9ae46e4d4a7ebef4ef72a838c06f91aa0cce866fd80bc2fe4424aeb3c5800e1d5bcd53ebb203149deea576a39c53b46732cb95c0395f1
SSDEEP

12288:obWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB:osxgsRftD0C2nKG

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5916787654:AAEJEadEk6VSBHL82vTGRS9aaNuh-zG53Rg/sendMessage?chat_id=5483672364

Targets

- Target
  
  6c922a791609e332501e499c78283d9d98a413c8a16cebc66603c917eeb9e3bc.exe
- Size
  
  427KB
- MD5
  
  15ecb5efcdd1da60edf5920c2fdcd515
- SHA1
  
  8e2fa7988cc4a7afa34e8d2e3268ffa76bf51e4d
- SHA256
  
  6c922a791609e332501e499c78283d9d98a413c8a16cebc66603c917eeb9e3bc
- SHA512
  
  24c97b2f2aae8e706bf9ae46e4d4a7ebef4ef72a838c06f91aa0cce866fd80bc2fe4424aeb3c5800e1d5bcd53ebb203149deea576a39c53b46732cb95c0395f1
- SSDEEP
  
  12288:obWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB:osxgsRftD0C2nKG
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer