blustealer | cba897dc82a468040a082fd6135edecb8dcdcd0f0fe1375adeaeff3262cc6504 | Triage

Sharing

General

Target

c156f5367443c436b6a54f16a725d261
Size

693KB
Sample

231222-rrttpacec2
MD5

c156f5367443c436b6a54f16a725d261
SHA1

774549155b8bf2a455db51444ed3cb277081ca6b
SHA256

cba897dc82a468040a082fd6135edecb8dcdcd0f0fe1375adeaeff3262cc6504
SHA512

b796c81cba0ba75cda33252adbf4ee40b659a7c714e4bce1e81c3d39ada8555bd890ad9930c3ae9657e3460b696e3a26514a960a8d86b968953859aa7ce7be3b
SSDEEP

12288:EiJe4CK2mMmVlyJFlIjh5eSrrFowfviTwkAKc:EDK2mRi3IjjeZwfvi0/

Score

10^/10

blustealer stealer

Malware Config

Targets

- Target
  
  c156f5367443c436b6a54f16a725d261
- Size
  
  693KB
- MD5
  
  c156f5367443c436b6a54f16a725d261
- SHA1
  
  774549155b8bf2a455db51444ed3cb277081ca6b
- SHA256
  
  cba897dc82a468040a082fd6135edecb8dcdcd0f0fe1375adeaeff3262cc6504
- SHA512
  
  b796c81cba0ba75cda33252adbf4ee40b659a7c714e4bce1e81c3d39ada8555bd890ad9930c3ae9657e3460b696e3a26514a960a8d86b968953859aa7ce7be3b
- SSDEEP
  
  12288:EiJe4CK2mMmVlyJFlIjh5eSrrFowfviTwkAKc:EDK2mRi3IjjeZwfvi0/
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealerstealer