blustealer | 2a8dad48d4a81e1752e71f2f37a53a0ba4625f42bcea193b1783ac2c8f8e308c | Triage

Sharing

General

Target

Refrence Order-pdf.bat
Size

10KB
Sample

230605-nljjzsgb86
MD5

4daca09eea0303437005ee1177a9c89d
SHA1

498cbf6e942f13faa025e6de36418bdffcd39c67
SHA256

2a8dad48d4a81e1752e71f2f37a53a0ba4625f42bcea193b1783ac2c8f8e308c
SHA512

e2cfb0e2b5a12e5ea4070ab3620abb73c32cbaba4f2eb9cbd38129ce78a1a4be26bfde949035c00c9f0c8df942e8b23868c0c1d11c24d38ff5d5b77db75d92c4
SSDEEP

192:+i0ah4iG/cgecityXTIM7YMl75qoC7SQTGnp1AK1DeYyRwyZyZzPHkV8UKXoO:HhLG/ZwY7YMlMSf7j1pyRwyZy1kV8V4O

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.dphe.gov.bd
Port:
587
Username:
[email protected]
Password:
@DphE20#

Targets

- Target
  
  Refrence Order.exe
- Size
  
  22KB
- MD5
  
  bb639f8c81d9cf4a49e72015d7c75735
- SHA1
  
  91d717df3b5a1b833a60b5e2eb4d8f1c10555c62
- SHA256
  
  24c162c82ab104894354b4869e0f44ca289ae06b535827a7aefc08982effd2c9
- SHA512
  
  59b7137c0ef51746057b5dfd8ff09168a63e120898711914e7acb67393c109808ec73b77a56265de74b48e11ddc8ab4a81115e9c9435ebe019ec2a48eedad7f1
- SSDEEP
  
  384:TPHG946aVb9BezNZUG9bxcJ4SKKpK+dwQQC9EOAtFgyl8j3Bl//9NKa2HovbzOvp:jvV5vfDJHjRj3BxVTWJ1w3tXqSK
Score

10^/10

blustealer stealer collection
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealercollectionstealer