blustealer | 1e712ef0a37d9e8d2f6ef512da2438ef05e073cde9ae6677858b9ebbd1c23b2b | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.RATXgen.24211.32173.exe.bin
Size

1.1MB
Sample

230505-zrs66agg6z
MD5

30109593131c48efe8a355f8b387dd4a
SHA1

f6d8e1eb36925ceb97024cfe2d71f3573d72a202
SHA256

1e712ef0a37d9e8d2f6ef512da2438ef05e073cde9ae6677858b9ebbd1c23b2b
SHA512

d21fa1aaca986b5b72bb6ea9f3e2da13096b38d690f1df5ec03ef8b862909f351476a032f081afb53c409a7fb189e7f7eeb324b9ce1ebfb86727a576275b9ade
SSDEEP

24576:0ylUKXJnc1+6N1CySVIJq0UZbZctLsAKb6ah:0y+K5m+ISVIJTGbetLxKb6e

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

- Target
  
  SecuriteInfo.com.Win32.RATXgen.24211.32173.exe.bin
- Size
  
  1.1MB
- MD5
  
  30109593131c48efe8a355f8b387dd4a
- SHA1
  
  f6d8e1eb36925ceb97024cfe2d71f3573d72a202
- SHA256
  
  1e712ef0a37d9e8d2f6ef512da2438ef05e073cde9ae6677858b9ebbd1c23b2b
- SHA512
  
  d21fa1aaca986b5b72bb6ea9f3e2da13096b38d690f1df5ec03ef8b862909f351476a032f081afb53c409a7fb189e7f7eeb324b9ce1ebfb86727a576275b9ade
- SSDEEP
  
  24576:0ylUKXJnc1+6N1CySVIJq0UZbZctLsAKb6ah:0y+K5m+ISVIJTGbetLxKb6e
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer