blustealer | f4537ab3fdeb176d352dca40facb96f493d634f7d03140e2275be2ea33678e33 | Triage

Sharing

General

Target

3d695f1b4db5a0635d43e1cd1b9d48ae.bin.bin
Size

781KB
Sample

230501-tpjbaaca36
MD5

334c2103c82168a143082fa2cc8b1027
SHA1

770f4d5db3f31e11c1857a39c7712ebdbd7f52dd
SHA256

f4537ab3fdeb176d352dca40facb96f493d634f7d03140e2275be2ea33678e33
SHA512

beb0e5de5e97b10504a3851356127ca75b5421d67a9e8737e76f74370f226f4a5de7963a02848d7dabf131c756e0b64bcef3736c5c7ad2e7694be3ad1d3784c0
SSDEEP

12288:sXV3VpViR/z+L5kUV8IoeB1tqnrSz6cSnGO8OCk0CdbOAbda1Wo6VFBHb/a:sXxBM/wkTW1Enmz6NGOlCkVbOAGWv/a

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  a83688213da481b066908e16d7a2206180627bcef8c69e4fe756dc06c5c35ec0.exe
- Size
  
  851KB
- MD5
  
  3d695f1b4db5a0635d43e1cd1b9d48ae
- SHA1
  
  377936812ab222b69380049be6ad28208e135603
- SHA256
  
  a83688213da481b066908e16d7a2206180627bcef8c69e4fe756dc06c5c35ec0
- SHA512
  
  268e47ebb3d159ee3c33a0b0b5d8c4a272430544c01ff2c66c7918fabcba66e784edebd435e1200f0c0ce44c317b771f3b076d4548f9fbcd905079d47a434185
- SSDEEP
  
  12288:Y+vTN8RVtfK8cyo7qyy8SpCrqLKL2MhkHEmY4FrHSzn7rwR8mGyqF7qbnZ4Xb:Y6TNUVU8cmJ4rM3akk14JH+n78Z4Xb
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer