blustealer | ff88f280e6d48494723b82fa19c527100060cde90bb69910cb143d21380176ab | Triage

Submit
Reports

Overview

overview

Static

static

1312-63-0x...ry.exe

windows7-x64

1312-63-0x...ry.exe

windows10-2004-x64

Sharing

General

Target

1312-63-0x0000000000400000-0x0000000000654000-memory.dmp
Size

2.3MB
Sample

230516-khhlqsae4y
MD5

6f613c9c5a4865c256f134b610e04815
SHA1

bfed40e54d1c5790fc9fa5c2f21c0c3ac9e05073
SHA256

ff88f280e6d48494723b82fa19c527100060cde90bb69910cb143d21380176ab
SHA512

a0f05eae7be3ba4317f031b366530bee42604bea3ee74c3ab80b5963c7fcefcce7813fb944bfb238ea7cbec2da2e0447d7e4a42d8513e081880e14a8a6dad1d8
SSDEEP

12288:yWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB:5xgsRftD0C2nKG

Score

10^/10

blustealer stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1312-63-0x0000000000400000-0x0000000000654000-memory.exe

Resource

win7-20230220-en

blustealer stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

1312-63-0x0000000000400000-0x0000000000654000-memory.exe

Resource

win10v2004-20230221-en

blustealer stealer

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  1312-63-0x0000000000400000-0x0000000000654000-memory.dmp
- Size
  
  2.3MB
- MD5
  
  6f613c9c5a4865c256f134b610e04815
- SHA1
  
  bfed40e54d1c5790fc9fa5c2f21c0c3ac9e05073
- SHA256
  
  ff88f280e6d48494723b82fa19c527100060cde90bb69910cb143d21380176ab
- SHA512
  
  a0f05eae7be3ba4317f031b366530bee42604bea3ee74c3ab80b5963c7fcefcce7813fb944bfb238ea7cbec2da2e0447d7e4a42d8513e081880e14a8a6dad1d8
- SSDEEP
  
  12288:yWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB:5xgsRftD0C2nKG
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealerstealer

© 2018-2024

Terms | Privacy