blustealer | 582741317b53c32600953ffc2daf7f02f32f9153f90a1f0ff6166f3791b52404 | Triage

Sharing

General

Target

6d10f518c4de138b5c18d2f4dbd895bc
Size

727KB
Sample

231222-fn9vysgbem
MD5

6d10f518c4de138b5c18d2f4dbd895bc
SHA1

24eaf3a15a15111d304992b6a7a934610c6d28dc
SHA256

582741317b53c32600953ffc2daf7f02f32f9153f90a1f0ff6166f3791b52404
SHA512

68dd265f8b47289e71439217c457be7507d59f618a1630e94f13ed585c1d6febe8b3c8ced735810cf39b9b74d52affd64c382d73566c21fa5f0e7d171f1c97e5
SSDEEP

12288:csyxZCYQneRW88If1cmRBPA0nV2sb+xUVWcyNc:cjZCr7gf1cIA0nos6Cn/

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
budgetn.shop
Port:
587
Username:
[email protected]
Password:
X&Y=[g89L4D/**

Targets

- Target
  
  6d10f518c4de138b5c18d2f4dbd895bc
- Size
  
  727KB
- MD5
  
  6d10f518c4de138b5c18d2f4dbd895bc
- SHA1
  
  24eaf3a15a15111d304992b6a7a934610c6d28dc
- SHA256
  
  582741317b53c32600953ffc2daf7f02f32f9153f90a1f0ff6166f3791b52404
- SHA512
  
  68dd265f8b47289e71439217c457be7507d59f618a1630e94f13ed585c1d6febe8b3c8ced735810cf39b9b74d52affd64c382d73566c21fa5f0e7d171f1c97e5
- SSDEEP
  
  12288:csyxZCYQneRW88If1cmRBPA0nV2sb+xUVWcyNc:cjZCr7gf1cIA0nos6Cn/
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealerstealer