blustealer | 45c0d4c42e3d98c94d5ae01270b7b0adfe3de2454520fa7b423f0fc9e2f49603 | Triage

Sharing

General

Target

45c0d4c42e3d98c94d5ae01270b7b0adfe3de2454520fa7b423f0fc9e2f49603
Size

1024KB
Sample

230608-pn3ajsfc76
MD5

a1effb2cfe2a999d25a2f16a3271b0ec
SHA1

68752a3d1b5c2837829f4b1e9d59fa7529d4ed07
SHA256

45c0d4c42e3d98c94d5ae01270b7b0adfe3de2454520fa7b423f0fc9e2f49603
SHA512

6b335e536919c03b69d60aa645642e253cc12aee2ec9396585114870370f25b3ba5994742b6676c770528a718c3af1ceee086bac93d554b6d043dbd6639301a8
SSDEEP

24576:S9LaVUH999wbJG2Bzr7G9Fvqp8vYtY3aoT55ybAt:+BH9w1Havq6vYS34bA

Score

10^/10

blustealer collection stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  45c0d4c42e3d98c94d5ae01270b7b0adfe3de2454520fa7b423f0fc9e2f49603
- Size
  
  1024KB
- MD5
  
  a1effb2cfe2a999d25a2f16a3271b0ec
- SHA1
  
  68752a3d1b5c2837829f4b1e9d59fa7529d4ed07
- SHA256
  
  45c0d4c42e3d98c94d5ae01270b7b0adfe3de2454520fa7b423f0fc9e2f49603
- SHA512
  
  6b335e536919c03b69d60aa645642e253cc12aee2ec9396585114870370f25b3ba5994742b6676c770528a718c3af1ceee086bac93d554b6d043dbd6639301a8
- SSDEEP
  
  24576:S9LaVUH999wbJG2Bzr7G9Fvqp8vYtY3aoT55ybAt:+BH9w1Havq6vYS34bA
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer