Extracted

• • Target

    427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe

  • Size

    1.4MB

  • MD5

    34aa0ca40863c30653a0b6ba10d3daa2

  • SHA1

    c5dbbc9a3f6d537ab49aeb89223810cd67c256f7

  • SHA256

    427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9

  • SHA512

    34e46909f3ea586033baa5f73ecbf1f5072f2d05cfaf77f6ab2535ee0798f01427b1e62719fc4026f4b38af03e445a33ff2deb22ef9817ab42e506cfb5cb10d2

  • SSDEEP

    24576:O94Lauo2BLrZ6dj7Wd50QKQIsBJXkQsUc/i/Egj87qLom0Y5m6Uy:O/uHrZ6WPKQ5X0QsUN/EgQ7qEmv

  Score

  10^/10

  blustealercollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2