blustealer | 1d1911dd777bedb77f8617e8165ae5efea4b01ebcc71c2c8e597f6fd4e6135e8 | Triage

Sharing

General

Target

664-63-0x0000000000400000-0x0000000000491000-memory.dmp
Size

580KB
Sample

230510-rv687age66
MD5

04a164dd70036b52c189f38909b97a38
SHA1

a87b1e840a6d8d53fab0c8652a3d3330038a639d
SHA256

1d1911dd777bedb77f8617e8165ae5efea4b01ebcc71c2c8e597f6fd4e6135e8
SHA512

261de1a288ce8a340739768645b5823b427788d2818d070fd85eae30993e2319d64924d87c25490719a7a83a4678194dc41abb3330f09b07452abe509ffe9c30
SSDEEP

12288:N6L9TYP+Hx3rwJ5GUwnjXfS8qplKOEngfA:N6pTY2rwJ0U4jXf6T5o

Score

10^/10

blustealer spyware stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.adm.tools
Port:
587
Username:
[email protected]
Password:
18iF5VUdC9xf

Targets

- Target
  
  664-63-0x0000000000400000-0x0000000000491000-memory.dmp
- Size
  
  580KB
- MD5
  
  04a164dd70036b52c189f38909b97a38
- SHA1
  
  a87b1e840a6d8d53fab0c8652a3d3330038a639d
- SHA256
  
  1d1911dd777bedb77f8617e8165ae5efea4b01ebcc71c2c8e597f6fd4e6135e8
- SHA512
  
  261de1a288ce8a340739768645b5823b427788d2818d070fd85eae30993e2319d64924d87c25490719a7a83a4678194dc41abb3330f09b07452abe509ffe9c30
- SSDEEP
  
  12288:N6L9TYP+Hx3rwJ5GUwnjXfS8qplKOEngfA:N6pTY2rwJ0U4jXf6T5o
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2