Extracted

• • Target

    2168-140-0x0000000000400000-0x0000000000654000-memory.dmp

  • Size

    2.3MB

  • MD5

    58ed8a64599dbf61e2d8083b2c40107e

  • SHA1

    c19e34b59e5ccff5657a1da29308c1015539df2a

  • SHA256

    96f62d789e0958b3dc3cf346997044f128d29098116e340786993b5308209806

  • SHA512

    0a461dd6fbd337452e2a580d0b381642e6ea4cd8f9b863008295fc1671c65ee6dc35886d9dd5fd46960d1c8649c8334898f2be89224a0b21cc824925333fb531

  • SSDEEP

    24576:8xgsRftD0C2nKGt0Djsf9nz4mloFQnpXUMPQDR6q79dA:8aSftDnGCDYf5zaCpXxPuR6E9dA

  Score

  10^/10

  blustealercollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2