blustealer | c7b62d2eddca1acf1d394dc03808ecb370c2125ae55786628ad856f55c71b9f8 | Triage

Sharing

General

Target

c7b62d2eddca1acf1d394dc03808ecb370c2125ae55786628ad856f55c71b9f8
Size

162KB
Sample

230814-stjl6seh4w
MD5

7a5a25c84745b9eff14d6ede544150b0
SHA1

48baf94f77091d63bd22067aa064c966f60bf55c
SHA256

c7b62d2eddca1acf1d394dc03808ecb370c2125ae55786628ad856f55c71b9f8
SHA512

cb8f866f8c05d0094818c8063be0c11974bfba01f8923718b4687fc0956f0590036f2f120c9c50278426c1e2d8d271a6b027044d1115b3ac3782400657c8864f
SSDEEP

1536:kiiHA0C/fLKpoTNxrNnubIq59PdTvdl5PAaZ/Sv93Q28FHDdD:5iiLKpS/Ni59P1tfhAP8tDd

Score

10^/10

blustealer persistence spyware stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5518827253:AAGOg42FA-LTJl6MOuvPuukxFyV4dUBJ5rM/sendMessage?chat_id=1223462240

Targets

- Target
  
  Product Spec.exe
- Size
  
  112KB
- MD5
  
  d59c27e2eb8d505a78b0d57801750df5
- SHA1
  
  947335b0768c0e6c63d6b3185785ebbe71538511
- SHA256
  
  d8dc20517ab9336ee7bbfee1416a5c6ec0cb2cf63400c803858c7c1db4f4f837
- SHA512
  
  b3a568be8db5d6edf098a7157cb53782e84efcc81ed8ba5cf0f5ee60e51dccc0343bff580c2c066c95a61ba2c1656819b4b52b3974de44e4531518b972ab3842
- SSDEEP
  
  1536:AiiHA0C/fLKpoTNxrNnubIq59PdTvdl5PAaZ/Sv93Q28FHDd:NiiLKpS/Ni59P1tfhAP8tDd
Score

10^/10

blustealer persistence spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

blustealerpersistencespywarestealer