blustealer | 87554a4dd27618fd878d5a4e87564c07d104d02205e9915a09def1faa511d836 | Triage

Sharing

General

Target

343aa62ee222dbd3ca597a201b35bd4a
Size

2.3MB
Sample

231231-njd7gsfhf5
MD5

343aa62ee222dbd3ca597a201b35bd4a
SHA1

59ee3af3a680b11d36d6db44499fa7614cda09a1
SHA256

87554a4dd27618fd878d5a4e87564c07d104d02205e9915a09def1faa511d836
SHA512

d310519d378b84ecfc5b1c838f45d2eab9508ec2b25758dd593265cfd4ee825001728b8662e57df16b878835527dd661f68c0748d80eb7247c5982f6b2469980
SSDEEP

12288:WbWKPiw4bMYaWNTk9qkSa6CB/feiDgC4o9iTHhtNmVdEj1hyJ2eXNPnrEdrE:FErtYa4YlSyfDT+Hm8j1hyJxXN/odo

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
budgetn.xyz
Port:
587
Username:
[email protected]
Password:
E6uOyau@R_(Q

Targets

- Target
  
  343aa62ee222dbd3ca597a201b35bd4a
- Size
  
  2.3MB
- MD5
  
  343aa62ee222dbd3ca597a201b35bd4a
- SHA1
  
  59ee3af3a680b11d36d6db44499fa7614cda09a1
- SHA256
  
  87554a4dd27618fd878d5a4e87564c07d104d02205e9915a09def1faa511d836
- SHA512
  
  d310519d378b84ecfc5b1c838f45d2eab9508ec2b25758dd593265cfd4ee825001728b8662e57df16b878835527dd661f68c0748d80eb7247c5982f6b2469980
- SSDEEP
  
  12288:WbWKPiw4bMYaWNTk9qkSa6CB/feiDgC4o9iTHhtNmVdEj1hyJ2eXNPnrEdrE:FErtYa4YlSyfDT+Hm8j1hyJxXN/odo
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2