blustealer | a83688213da481b066908e16d7a2206180627bcef8c69e4fe756dc06c5c35ec0 | Triage

Sharing

General

Target

QUOTATION _RFQ# 1043999.exe
Size

851KB
Sample

230422-m7ebqaee44
MD5

3d695f1b4db5a0635d43e1cd1b9d48ae
SHA1

377936812ab222b69380049be6ad28208e135603
SHA256

a83688213da481b066908e16d7a2206180627bcef8c69e4fe756dc06c5c35ec0
SHA512

268e47ebb3d159ee3c33a0b0b5d8c4a272430544c01ff2c66c7918fabcba66e784edebd435e1200f0c0ce44c317b771f3b076d4548f9fbcd905079d47a434185
SSDEEP

12288:Y+vTN8RVtfK8cyo7qyy8SpCrqLKL2MhkHEmY4FrHSzn7rwR8mGyqF7qbnZ4Xb:Y6TNUVU8cmJ4rM3akk14JH+n78Z4Xb

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  QUOTATION _RFQ# 1043999.exe
- Size
  
  851KB
- MD5
  
  3d695f1b4db5a0635d43e1cd1b9d48ae
- SHA1
  
  377936812ab222b69380049be6ad28208e135603
- SHA256
  
  a83688213da481b066908e16d7a2206180627bcef8c69e4fe756dc06c5c35ec0
- SHA512
  
  268e47ebb3d159ee3c33a0b0b5d8c4a272430544c01ff2c66c7918fabcba66e784edebd435e1200f0c0ce44c317b771f3b076d4548f9fbcd905079d47a434185
- SSDEEP
  
  12288:Y+vTN8RVtfK8cyo7qyy8SpCrqLKL2MhkHEmY4FrHSzn7rwR8mGyqF7qbnZ4Xb:Y6TNUVU8cmJ4rM3akk14JH+n78Z4Xb
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer