blustealer | bd3973a8f4d06de92f6efbb05e6de967464599367b3601b05da5d259e10746ca | Triage

Submit
Reports

Overview

overview

Static

static

3

dafbb2a0e6...05.exe

windows7-x64

1

dafbb2a0e6...05.exe

windows10-2004-x64

Sharing

General

Target

dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205.zip
Size

1.4MB
Sample

230502-196ewaee8z
MD5

c4ea81a03628221e60cfe7a636584e75
SHA1

eb61233d4f564c6efb1f07060bd4145222c43758
SHA256

bd3973a8f4d06de92f6efbb05e6de967464599367b3601b05da5d259e10746ca
SHA512

f45fc7187569a6b7041c4228382d587efa9994386ae56e524ad57b45f7fc803cad9623074ebcd8b0776568d3b571ad93ec2496f060f63e047c499a9d3e5e721e
SSDEEP

24576:WgcM7N1tB5/JG+G4KFwBQhyGYuC25goxd2xQRRu9ig1TKZKVMbFCOah01Bnyg:WTWN17bKNhyGk2vxdqQgZwZKVMbF9a8z

Score

10^/10

blustealer collection spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205.exe

Resource

win7-20230220-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205.exe

Resource

win10v2004-20230220-en

blustealer collection spyware stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205.exe
- Size
  
  1.6MB
- MD5
  
  e90e41677f6030ffc3eac62929ced1d9
- SHA1
  
  edb0a2acdec33328a864ac178bfb0b42a2e0d444
- SHA256
  
  dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205
- SHA512
  
  a2e20c8b160c366baed60adca173587e5c3b94b811f4f52ac3aaab01a0301716e30cc7c7d2a426ee32a6df651021717e4fe097073610860a949e7933468e10fa
- SSDEEP
  
  24576:KRKQxWUF61/J27K4mgZB67gTsD6RROjiDefziWX2GDjGBXtnZYx:K4QcUFO34mg367gTOwMMohjw9Z+
Score

10^/10

blustealer collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

blustealercollectionspywarestealer

© 2018-2024

Terms | Privacy