Extracted

• • Target

    2492-140-0x0000000000400000-0x0000000000654000-memory.dmp

  • Size

    2.3MB

  • MD5

    2648da902ed9cd72e1b0a129eea583a0

  • SHA1

    701abc6becba1051ddcbc5652ec78dda7944ca76

  • SHA256

    ef241b30e7e55b276b860ee69841d5062ecbe09d9bb5c156c03e2029730730a9

  • SHA512

    1bc3751bb2494eb6a15a1661a135fecd1d5cddd51f0f3b7250c115a28808b149fd70ae7182f1b62442ffd2ecf0acd8c65c2799265668f410106cfc19328f0fa6

  • SSDEEP

    24576:yxgsRftD0C2nKGH0Djsf9nz4mloFQnpXUMPQDR6q79dA:yaSftDnGUDYf5zaCpXxPuR6E9dA

  Score

  10^/10

  blustealercollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2