blustealer | 360d1eff8735543b2fc45db3898addb3035ccd96a32819f4648c081221537797 | Triage

Sharing

General

Target

1252-63-0x0000000000400000-0x0000000000472000-memory.dmp
Size

456KB
Sample

230519-vw67csfa22
MD5

381ac4d9eac4d0be189d3e9ede3cc9d4
SHA1

0cf8e0b3023604284e49138d04cc7bb535c2b8f9
SHA256

360d1eff8735543b2fc45db3898addb3035ccd96a32819f4648c081221537797
SHA512

8c5bac41ad4bc71670754bace0b3fde97ddb88f0da67f6ba0e07bfbf35bd5ee1085267d92742a4977763db81a58cdd45c283af62452ce1582c624eff1661ed20
SSDEEP

12288:KWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB0:hxgsRftD0C2nKG

Score

10^/10

blustealer collection spyware

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5982631795:AAFe1A7BEPv_6ExMz851LxdOAjr_9gqH8zY/sendMessage?chat_id=5968311109

Targets

- Target
  
  1252-63-0x0000000000400000-0x0000000000472000-memory.dmp
- Size
  
  456KB
- MD5
  
  381ac4d9eac4d0be189d3e9ede3cc9d4
- SHA1
  
  0cf8e0b3023604284e49138d04cc7bb535c2b8f9
- SHA256
  
  360d1eff8735543b2fc45db3898addb3035ccd96a32819f4648c081221537797
- SHA512
  
  8c5bac41ad4bc71670754bace0b3fde97ddb88f0da67f6ba0e07bfbf35bd5ee1085267d92742a4977763db81a58cdd45c283af62452ce1582c624eff1661ed20
- SSDEEP
  
  12288:KWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmB0:hxgsRftD0C2nKG
Score

6^/10

collection spyware
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectionspyware

behavioral2

collectionspyware