blustealer | 4677198e0721af982c01a7ffaafb2f29ae83ebaeb7a510d9d58ba260c74b1960 | Triage

Sharing

General

Target

70fa0912521fe919667f8ba2ab28d1e0239b48d860fe7ce0ac7637b4b7282c45.zip
Size

959KB
Sample

230716-dvyp6ace38
MD5

e54b4267f9bdb277085e581938cb9770
SHA1

e8ca1b0b420806b8ac43c2a7d4e3fb2da88f462c
SHA256

4677198e0721af982c01a7ffaafb2f29ae83ebaeb7a510d9d58ba260c74b1960
SHA512

56279aa8a90e229483b6c1dfbe908c6de0817e92589d64deb311dd1b043c06f5c9789687bbe2a687fcf47583a8553e74c5f17308f2892403aea6edcdec1d5b6a
SSDEEP

24576:NE3BCYquzUNZv6A5MtRk+7dWjzgRgvnvdE5TUz4dt:NE3SuUZo0+7cPgRenvdJ4dt

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.aakarveneers.com
Port:
587
Username:
[email protected]
Password:
milin@1982

Targets

- Target
  
  70fa0912521fe919667f8ba2ab28d1e0239b48d860fe7ce0ac7637b4b7282c45.exe
- Size
  
  1.4MB
- MD5
  
  ed164e11ea8f141236b6196dac5bd879
- SHA1
  
  d06277b3d82a10ffeced147870a1c7cc65947ae0
- SHA256
  
  70fa0912521fe919667f8ba2ab28d1e0239b48d860fe7ce0ac7637b4b7282c45
- SHA512
  
  996973f75d75a179091211a3d86f91138565add95f7d34089d9610fcfc4ba228c91d1fc830f2f49146db4752270c51702caaf4513fe6cd15df5f5a84427bdd55
- SSDEEP
  
  24576:7fdsbW0F+Rhk0JgdIpsiwO/QGoWP2qQF+2:O6k0i2qAQGoie
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

blustealerstealer

behavioral3

blustealerstealer