blustealer | bd7b03186f9bb6ec5ba764de82d56c9d7b29def90837cb903c6fc24e9d7ad937 | Triage

Submit
Reports

Overview

overview

Static

static

3

PI-12042023-02.exe

windows7-x64

PI-12042023-02.exe

windows10-2004-x64

Sharing

General

Target

PI-12042023-02.gz
Size

1.4MB
Sample

230525-acpsrafg6x
MD5

a1166d0c7e618df3a7f76725e6153db6
SHA1

140da05c3195a76afdf2f4a5a11b7c07c0efac13
SHA256

bd7b03186f9bb6ec5ba764de82d56c9d7b29def90837cb903c6fc24e9d7ad937
SHA512

837cd131a9b62619c87121d1c54dc52bcd1a78bbdb61f01294d655fc4e64fdbec40a70f303209e6739306b0d9b4601ba8d5f128ee54e7e7ee74cae2b2861b907
SSDEEP

24576:jAHmZebmf9Yziphn6jv5Po31pkMz97pdeJNI8hWkl3eWdKR8gnoM5ijI+mTLZ0B:UHzCqziCaBZ3ftAK8go8ij4LOB

Score

10^/10

blustealer collection spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PI-12042023-02.exe

Resource

win7-20230220-en

blustealer stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

PI-12042023-02.exe

Resource

win10v2004-20230220-en

blustealer collection spyware stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  PI-12042023-02.exe
- Size
  
  1.5MB
- MD5
  
  49dfa3ff454a308c963c3fbcf8c6281d
- SHA1
  
  7ce1a8671508cf9449b5a962288d92a8cfca9a7e
- SHA256
  
  dd108cf78013ce269848a78918fb30c55b4fb0c93634777640994fda1c79ec11
- SHA512
  
  7ca847ff5f94c2d9654cc59f252bb96175515cfc46fca11bd40cfdbda676600ffb9eaedb9ad09632d14273ae251fc566d14b5ac3e2d0d0118ec95fa5c3d84735
- SSDEEP
  
  24576:B2N8jiZ4zypIPs1JTDE5PjxDurIr7TX9OAg6/+tkF4PU35yys8NuQsRuj7+oboBv:B2N8jiZ4zypIP4JTDE5Pj0rI/TIbE+tj
Score

10^/10

blustealer stealer collection spyware
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealercollectionspywarestealer

© 2018-2024

Terms | Privacy