blustealer | a3b4760fbda9e11f889e4faf484d6e76d57a83cb69c0c3ad9e54d8bfc575275f | Triage

Submit
Reports

Overview

overview

Static

static

3

fd482fa226...23.exe

windows7-x64

fd482fa226...23.exe

windows10-2004-x64

Sharing

General

Target

d5a045e300184028b6a6dfc75a303307.bin
Size

840KB
Sample

230507-cf7h3sdg3t
MD5

8af834b6100054e5e086b5701b8cd636
SHA1

463a44f99b753a4a5e7fc4c499e8758dfcf6e746
SHA256

a3b4760fbda9e11f889e4faf484d6e76d57a83cb69c0c3ad9e54d8bfc575275f
SHA512

3435d3c3e8a2ed66c265f06b74892c86e578dd963bcdbdd7ea02745ae74bf87394da7640ccdf36484d8b01e6c463e5d7634fc45cd277996316c7aaabedaacd95
SSDEEP

24576:dorB1X+UqcgxiGtTdg9F/dtROfulUnSXm1SOhxHab:arX+XxiG6//8mlUSah8b

Score

10^/10

blustealer collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fd482fa2269db98e32ec1a0ecb21f132083e07dfdccf4baa9ec8d305c63eae23.exe

Resource

win7-20230220-en

blustealer collection stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

fd482fa2269db98e32ec1a0ecb21f132083e07dfdccf4baa9ec8d305c63eae23.exe

Resource

win10v2004-20230220-en

blustealer collection stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5450700540:AAEJyEEV8BKgYUKmnCPZxp19kD9GVSRup5M/sendMessage?chat_id=5422342474

Targets

- Target
  
  fd482fa2269db98e32ec1a0ecb21f132083e07dfdccf4baa9ec8d305c63eae23.exe
- Size
  
  964KB
- MD5
  
  d5a045e300184028b6a6dfc75a303307
- SHA1
  
  5fc5a4a17bc5ad2e7ee4da563d5a348c618c0cf9
- SHA256
  
  fd482fa2269db98e32ec1a0ecb21f132083e07dfdccf4baa9ec8d305c63eae23
- SHA512
  
  0fb4fe0cc538995303669b8a3bb1576c0c462caee47ff2c8c2545ea760c21a4f9a36be8600295f9ea98034afc313cc63de2940b21013a04ad2d29070b539dae1
- SSDEEP
  
  24576:5MaB1dLvo9yPmx0k6F9FkjefS/cIXVaUys/FvV:5pB1Zw9yPk6fFkjCihllFv
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer

© 2018-2024

Terms | Privacy