blustealer | 7a62f4e361c2f327d6d3949e1d05ba5a9d36bf88e25a1fe567e037bbc8943a94 | Triage

Submit
Reports

Overview

overview

Static

static

3

dafbb2a0e6...05.exe

windows7-x64

dafbb2a0e6...05.exe

windows10-2004-x64

Sharing

General

Target

e90e41677f6030ffc3eac62929ced1d9.bin
Size

1.4MB
Sample

230505-y2dnsaed51
MD5

9ba474955dff5b9da32e0e06b566f579
SHA1

bf74d95ac419976dd399e31288a29494bfa0d626
SHA256

7a62f4e361c2f327d6d3949e1d05ba5a9d36bf88e25a1fe567e037bbc8943a94
SHA512

8535229bb576e1729f19550b4e4d4ce0daea13f5f99699e7937a57454c9bf824f0ac9bfb20b934e9701ba2f1eaaf26b3cc9046735ca22956232c2ad77a2b55cf
SSDEEP

24576:lLZkQBnWiEvIvodRKSMY+hg3llP6XysF2CCAEaSJzuRyfElEX:lLZkbj3hM1eVRmZcRuRyfEq

Score

10^/10

blustealer collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205.exe

Resource

win7-20230220-en

blustealer collection stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205.exe

Resource

win10v2004-20230220-en

blustealer collection stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205.exe
- Size
  
  1.6MB
- MD5
  
  e90e41677f6030ffc3eac62929ced1d9
- SHA1
  
  edb0a2acdec33328a864ac178bfb0b42a2e0d444
- SHA256
  
  dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205
- SHA512
  
  a2e20c8b160c366baed60adca173587e5c3b94b811f4f52ac3aaab01a0301716e30cc7c7d2a426ee32a6df651021717e4fe097073610860a949e7933468e10fa
- SSDEEP
  
  24576:KRKQxWUF61/J27K4mgZB67gTsD6RROjiDefziWX2GDjGBXtnZYx:K4QcUFO34mg367gTOwMMohjw9Z+
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer

© 2018-2024

Terms | Privacy