blustealer | 35c689f6d9ff3382b9fbd46bcd79037983c2582f75b50ec19dc86f1db09fda89 | Triage

Submit
Reports

Overview

overview

Static

static

3

90382d070f...0f.exe

windows7-x64

90382d070f...0f.exe

windows10-2004-x64

Sharing

General

Target

e2b30c0c90faeeb878ed21be152d2dc1.bin
Size

1.4MB
Sample

230507-ckmz8sce26
MD5

612a92fff7663102d0b83a90e8088b81
SHA1

bcc2354b69bb486feb0d260921aa3a6044d54c01
SHA256

35c689f6d9ff3382b9fbd46bcd79037983c2582f75b50ec19dc86f1db09fda89
SHA512

0b6a985387f91d01603ceb27c8c0d37ff06a1be52228d0824ac593085b1c17b05de84c6b5154f63a0d0c263313cc8f13bbf5e21a3f16447c2fbcd89f2df9ef7d
SSDEEP

24576:6okWlrfZ+gkDzueZbs0a7OGvQhuNYhyZsl1IhU1aXYJifZy7V1yIEWyK60tcDU5+:6okWRS3uwU7MhThrbIy1aX0yZy1EWy6q

Score

10^/10

blustealer collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

90382d070f58dd0a9f21d05327c2589116e2271e2cce2cce69018e1f4d836c0f.exe

Resource

win7-20230220-en

blustealer collection stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

90382d070f58dd0a9f21d05327c2589116e2271e2cce2cce69018e1f4d836c0f.exe

Resource

win10v2004-20230220-en

blustealer collection stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  90382d070f58dd0a9f21d05327c2589116e2271e2cce2cce69018e1f4d836c0f.exe
- Size
  
  1.5MB
- MD5
  
  e2b30c0c90faeeb878ed21be152d2dc1
- SHA1
  
  b64e8bbd7d23f9585a7ff9b24a61a7ab119f1769
- SHA256
  
  90382d070f58dd0a9f21d05327c2589116e2271e2cce2cce69018e1f4d836c0f
- SHA512
  
  7126633aeaeaa91f08d5c0dce6129bfb7501287cad6ac106f1c64c2ab0cb010d3b870680047ea3e9dffdb3bfccab2a9d2a11f8057dd302dfaf140b34022bd74f
- SSDEEP
  
  24576:PnQ3GQdfKrh2G8uraReOgX1yFQ+5irxTCQJ5xvCwUXZMnKfJIxzN5b2K:P9QdIuWed+sKK+CQ5CwMZMnx0
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer

© 2018-2024

Terms | Privacy