blustealer | 51c7daba9cec9dcb856188ccb4eeea801c911591aeecd1b501f571f7cccfec7f | Triage

Sharing

General

Target

2752-72-0x0000000000400000-0x000000000046D000-memory.dmp
Size

436KB
Sample

230718-xfdk8aea31
MD5

59ddee1aa8f59642aba0a86c600149ad
SHA1

7202045ff2ec39d24d2e48f07a1de0c9a1cb7edd
SHA256

51c7daba9cec9dcb856188ccb4eeea801c911591aeecd1b501f571f7cccfec7f
SHA512

9bb007774a87b3d9e0a866070646eec8d9605d9f0a681b44225d11001d21a681d059731efffcb1ef030126cb0f448c943a8b7c4dff2543e28b623e4d1031f77d
SSDEEP

12288:JWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmBcJ:2xgsRftD0C2nKGu

Score

10^/10

blustealer collection

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot6120911772:AAEvnEDbWRlbIuD1NP8MtmiY3tQ46T9SQyo/sendMessage?chat_id=6082430866

Targets

- Target
  
  2752-72-0x0000000000400000-0x000000000046D000-memory.dmp
- Size
  
  436KB
- MD5
  
  59ddee1aa8f59642aba0a86c600149ad
- SHA1
  
  7202045ff2ec39d24d2e48f07a1de0c9a1cb7edd
- SHA256
  
  51c7daba9cec9dcb856188ccb4eeea801c911591aeecd1b501f571f7cccfec7f
- SHA512
  
  9bb007774a87b3d9e0a866070646eec8d9605d9f0a681b44225d11001d21a681d059731efffcb1ef030126cb0f448c943a8b7c4dff2543e28b623e4d1031f77d
- SSDEEP
  
  12288:JWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmBcJ:2xgsRftD0C2nKGu
Score

6^/10

collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2