blustealer | 9b538c435ab6de2bd8577f37d67c0993ec354654e1ee273c7a16f8862f0eff32 | Triage

Sharing

General

Target

50a1ee46c4a23ce01fc2a3dbeeae0957.bin
Size

395KB
Sample

231012-kwcbwabg58
MD5

b907024da49a5d6f9ed74b81dc5c3dec
SHA1

887507e41c20a34a33c6f7fd8c1c31672fa09725
SHA256

9b538c435ab6de2bd8577f37d67c0993ec354654e1ee273c7a16f8862f0eff32
SHA512

3e8314eef1e444605e4d758e11557b33b5b47df2568d602bda1dc3dc4fcea9b2bf42a75e67fb80d276e39bc6450901ef6bc0dc0c7729c5fb3d1f182e58157ef4
SSDEEP

12288:pGHoZdt3dHcT8gXP1RmD4Xj4MiupmWFJYa3PmNaICG7Ns:pTft3d2XPmD4T4wmAJf/m0IXNs

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot6248591734:AAEzUnQOvdK0MyjtgWK-67i4B3jKl9uZDqU/sendMessage?chat_id=5472437377

Targets

- Target
  
  f7206d9e9216ea73a6c530c165866ed0d8605b7f549754c06d6599366ef04441.bin
- Size
  
  1.1MB
- MD5
  
  50a1ee46c4a23ce01fc2a3dbeeae0957
- SHA1
  
  5bc2f16a04bed1964d2f3d5e600be72523676d1b
- SHA256
  
  f7206d9e9216ea73a6c530c165866ed0d8605b7f549754c06d6599366ef04441
- SHA512
  
  0dc905c16c0eea2cce71b60783309e60c0d8a99970c3b35a520dbf23b5a6c31ecb871938ab7b8a02f27cdc9a2cf01c1607719fbde1264ad2e2c642d139c41fb8
- SSDEEP
  
  12288:BwsDLV2dAFLH9i4yt5n/1bZVfn5TjzwrcMf4EIubL0cgGRjxxFLawAfttTObddLD:WsDx2dAFD9i4ytlVl3IJxxFL1AlMSAX
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealerstealer