blustealer | 960c5e14181f4b5bac1b82c9367860d6f30fa0a4e7cf848cd523b3a3b7268ece | Triage

Sharing

General

Target

960c5e14181f4b5bac1b82c9367860d6f30fa0a4e7cf848cd523b3a3b7268ece
Size

994KB
Sample

230826-crangsgb62
MD5

38b37b2b72f6071cf8345c05af05fcee
SHA1

2f42183fa45551194a1d1d0b5a10f0a91116212f
SHA256

960c5e14181f4b5bac1b82c9367860d6f30fa0a4e7cf848cd523b3a3b7268ece
SHA512

b56315744d10d81d2a393373dc65da93f0f4b2ba48253833d3faecd0ec7a550df3d80ab45d242dfa3e42c1728447b74492dc26b9c9a4ca66e3544cb1aae8d24b
SSDEEP

24576:Qdla9gYmncCehCF2BEwT/5PrQLeOjQ8WEA48VEfxnvt:yQ9R6ehTUPjjrSVEfxnl

Score

10^/10

blustealer stealer

Malware Config

Targets

- Target
  
  960c5e14181f4b5bac1b82c9367860d6f30fa0a4e7cf848cd523b3a3b7268ece
- Size
  
  994KB
- MD5
  
  38b37b2b72f6071cf8345c05af05fcee
- SHA1
  
  2f42183fa45551194a1d1d0b5a10f0a91116212f
- SHA256
  
  960c5e14181f4b5bac1b82c9367860d6f30fa0a4e7cf848cd523b3a3b7268ece
- SHA512
  
  b56315744d10d81d2a393373dc65da93f0f4b2ba48253833d3faecd0ec7a550df3d80ab45d242dfa3e42c1728447b74492dc26b9c9a4ca66e3544cb1aae8d24b
- SSDEEP
  
  24576:Qdla9gYmncCehCF2BEwT/5PrQLeOjQ8WEA48VEfxnvt:yQ9R6ehTUPjjrSVEfxnl
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealerstealer