blustealer | 1c5e928b5e27daa837d1ba10187397303520f5b18cf9b5da1eaf28b7f2ba0eda | Triage

Sharing

General

Target

391130ad385ed32583fd74ab73bb6c8e
Size

746KB
Sample

231231-rcx8kaabbq
MD5

391130ad385ed32583fd74ab73bb6c8e
SHA1

6c1c0fe4dff3cf10651eac1401217e3534a2bc7f
SHA256

1c5e928b5e27daa837d1ba10187397303520f5b18cf9b5da1eaf28b7f2ba0eda
SHA512

473946f7bc39b5145ff0e16323e54547766fd8e01183a7a0561c99776acd306a327eab17b5aed60736f557985443af8fe4eeb66b57daf7db94faac90dff7e04a
SSDEEP

12288:EPhS40kP3sfC6NezQkqef14elBrs0xdYRqp:EpSX7fCyLof14Qs0xa

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
budgetn.xyz
Port:
587
Username:
[email protected]
Password:
r[]w2e=V+]AV

Targets

- Target
  
  391130ad385ed32583fd74ab73bb6c8e
- Size
  
  746KB
- MD5
  
  391130ad385ed32583fd74ab73bb6c8e
- SHA1
  
  6c1c0fe4dff3cf10651eac1401217e3534a2bc7f
- SHA256
  
  1c5e928b5e27daa837d1ba10187397303520f5b18cf9b5da1eaf28b7f2ba0eda
- SHA512
  
  473946f7bc39b5145ff0e16323e54547766fd8e01183a7a0561c99776acd306a327eab17b5aed60736f557985443af8fe4eeb66b57daf7db94faac90dff7e04a
- SSDEEP
  
  12288:EPhS40kP3sfC6NezQkqef14elBrs0xdYRqp:EpSX7fCyLof14Qs0xa
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealerstealer