blustealer | 2fed0d020470afbcb42ea16cbedd103a50ccf86fa10f71252a8307de740c3b9d | Triage

Sharing

General

Target

2fed0d020470afbcb42ea16cbedd103a50ccf86fa10f71252a8307de740c3b9d
Size

1.1MB
Sample

230510-pymb3sga59
MD5

03ce9015af0ef971e98d2dba83a3afd6
SHA1

1cf9797ff0f5c61dbb7efa4c6ed3e5cd10bca40c
SHA256

2fed0d020470afbcb42ea16cbedd103a50ccf86fa10f71252a8307de740c3b9d
SHA512

7bff23a60fe8d6535a796a2f31398d333ca7bd0be84ba19c7c5c96af6c067b11fec94a648fc80fa442f4c96e79ad6e62e308c2086ce894296f86ae9941d9316b
SSDEEP

24576:DYSY2O/D45coTCaQkN4NUlPDYI5Qqu7JFZvJY:USDO/mcoCaQSl7A/9

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.adm.tools
Port:
587
Username:
[email protected]
Password:
18iF5VUdC9xf

Targets

- Target
  
  2fed0d020470afbcb42ea16cbedd103a50ccf86fa10f71252a8307de740c3b9d
- Size
  
  1.1MB
- MD5
  
  03ce9015af0ef971e98d2dba83a3afd6
- SHA1
  
  1cf9797ff0f5c61dbb7efa4c6ed3e5cd10bca40c
- SHA256
  
  2fed0d020470afbcb42ea16cbedd103a50ccf86fa10f71252a8307de740c3b9d
- SHA512
  
  7bff23a60fe8d6535a796a2f31398d333ca7bd0be84ba19c7c5c96af6c067b11fec94a648fc80fa442f4c96e79ad6e62e308c2086ce894296f86ae9941d9316b
- SSDEEP
  
  24576:DYSY2O/D45coTCaQkN4NUlPDYI5Qqu7JFZvJY:USDO/mcoCaQSl7A/9
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2