Extracted

• • Target

    2400-141-0x0000000000400000-0x0000000000654000-memory.dmp

  • Size

    2.3MB

  • MD5

    5e4d44611a4d8d2430c8211acb694967

  • SHA1

    f430285ee08c520afb744b6627437c63384f0f81

  • SHA256

    4c6787b95635786816b6cfc6547d7581a0bb1ac83be74929b7cc2270c28bf32d

  • SHA512

    1667be8948f54d0e515aba59b7f27a1597749cfcc82386dfc01450872b2ccf719246dcc8b9d9366ee3133cc8f33768bc195a78cad61483b515a7c323b3ef758a

  • SSDEEP

    24576:YxgsRftD0C2nKGL0Djsf9nz4mloFQnpXUMPQDR6q79dA:YaSftDnGYDYf5zaCpXxPuR6E9dA

  Score

  10^/10

  blustealercollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2