blustealer | b5145ccf5ded090001d3a5368ad32b5b4853f1b2153e55beae9ff0ba543e449e | Triage

Submit
Reports

Overview

overview

Static

static

3

b5145ccf5d...9e.exe

windows7-x64

b5145ccf5d...9e.exe

windows10-2004-x64

Sharing

General

Target

b5145ccf5ded090001d3a5368ad32b5b4853f1b2153e55beae9ff0ba543e449e.exe
Size

992KB
Sample

230608-pmq6wsfc65
MD5

84bcb19b24fb3cf44188d8ea5e8a080f
SHA1

f6a1b91c039a3ce6cff9bf160725a4d2dae6df81
SHA256

b5145ccf5ded090001d3a5368ad32b5b4853f1b2153e55beae9ff0ba543e449e
SHA512

03658af693ef7d3754277e506e0aaf71402ab675ea4618adee8dcd34c50e1e49e5349dd6e92d6dd02f5abb72feb76d97aace506a6fc16f9ce01f1ad1f8902e32
SSDEEP

24576:8qPLaVUH999QYDtn9pvEni933gMciIX0GJ/llyoWD/H:fBH9QYDvpvwXMcpX0GJ/llQ

Score

10^/10

blustealer collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b5145ccf5ded090001d3a5368ad32b5b4853f1b2153e55beae9ff0ba543e449e.exe

Resource

win7-20230220-en

blustealer collection stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b5145ccf5ded090001d3a5368ad32b5b4853f1b2153e55beae9ff0ba543e449e.exe

Resource

win10v2004-20230220-en

blustealer collection stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  b5145ccf5ded090001d3a5368ad32b5b4853f1b2153e55beae9ff0ba543e449e.exe
- Size
  
  992KB
- MD5
  
  84bcb19b24fb3cf44188d8ea5e8a080f
- SHA1
  
  f6a1b91c039a3ce6cff9bf160725a4d2dae6df81
- SHA256
  
  b5145ccf5ded090001d3a5368ad32b5b4853f1b2153e55beae9ff0ba543e449e
- SHA512
  
  03658af693ef7d3754277e506e0aaf71402ab675ea4618adee8dcd34c50e1e49e5349dd6e92d6dd02f5abb72feb76d97aace506a6fc16f9ce01f1ad1f8902e32
- SSDEEP
  
  24576:8qPLaVUH999QYDtn9pvEni933gMciIX0GJ/llyoWD/H:fBH9QYDvpvwXMcpX0GJ/llQ
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer

© 2018-2024

Terms | Privacy