Overview

overview

10

Static

static

3

30c9249824...9b.exe

windows7-x64

10

30c9249824...9b.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 17:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    30c9249824971b80aec6d2458374a09b.exe

  • Size

    879KB

  • MD5

    30c9249824971b80aec6d2458374a09b

  • SHA1

    ba9c7ff0ebd880a0af019aba4948d898821318bd

  • SHA256

    c6f6c1f109775f68b9be3920c5c46d0f5ae5b8b45d45c11abaf952b6098039a0

  • SHA512

    1bcfce1e0ee81393e02f2e80521e48b2d6f22298d49f2fe10d0b7e3d2ab9fe472dcb7e19007d029d5d11c06535f3ce48ac402f00bad813b4124ffb7011bf2afd

  • SSDEEP

    12288:aKoLScJXjvekjHRUhZFhcc1MNQpkzdsd7mWArXlQ02qTSS0+Y0Ut855u1e+cO:ENDfHR0NnUQ2moQc2S0+YJV9

Score
10/10
blustealerstealer

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:     smtp
  • Host:
    smtp.1and1.es
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Somunics.1234

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\30c9249824971b80aec6d2458374a09b.exe
    "C:\Users\Admin\AppData\Local\Temp\30c9249824971b80aec6d2458374a09b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Users\Admin\AppData\Local\Temp\30c9249824971b80aec6d2458374a09b.exe
      "C:\Users\Admin\AppData\Local\Temp\30c9249824971b80aec6d2458374a09b.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1524-3-0x0000000000400000-0x00000000004AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/1524-5-0x0000000000400000-0x00000000004AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/1524-8-0x0000000000400000-0x00000000004AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/2244-1-0x0000000000250000-0x0000000000350000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2244-2-0x00000000000F0000-0x00000000000F2000-memory.dmp

    Filesize

    8KB

    Download