blustealer | 07b5f28986974af72c104d73b7cb807065e82b812d3686dd5b9bf7636032dad0 | Triage

Submit
Reports

Overview

overview

Static

static

3

67491c190a...ec.exe

windows7-x64

67491c190a...ec.exe

windows10-2004-x64

Sharing

General

Target

67491c190a2fcaa9e6beaa3170ff36ec
Size

735KB
Sample

240119-lj6wdsbhb6
MD5

67491c190a2fcaa9e6beaa3170ff36ec
SHA1

7ca0a5302aad250079fed8c6e6ae8970a6d94bf1
SHA256

07b5f28986974af72c104d73b7cb807065e82b812d3686dd5b9bf7636032dad0
SHA512

6078548ab6c67758dd2fde1a703b77fcfc38858604086d7deacaf511fd63ee39984c7ee1fc7188503d70839ace2466f4ed8efd141513f2be9d2c2ce5e1f025f4
SSDEEP

12288:vCiBiCbOCWbmb49llets2gKf1a03Bfa0LXUOl03viwA3:vT4Nzmb49DpYf1a8a0LLC/ij

Score

10^/10

blustealer zgrat persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

67491c190a2fcaa9e6beaa3170ff36ec.exe

Resource

win7-20231215-en

blustealer zgrat persistence rat stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

67491c190a2fcaa9e6beaa3170ff36ec.exe

Resource

win10v2004-20231215-en

blustealer zgrat persistence rat stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
bojtai.club
Port:
587
Username:
[email protected]
Password:
S8(OUzB)pvph

Targets

- Target
  
  67491c190a2fcaa9e6beaa3170ff36ec
- Size
  
  735KB
- MD5
  
  67491c190a2fcaa9e6beaa3170ff36ec
- SHA1
  
  7ca0a5302aad250079fed8c6e6ae8970a6d94bf1
- SHA256
  
  07b5f28986974af72c104d73b7cb807065e82b812d3686dd5b9bf7636032dad0
- SHA512
  
  6078548ab6c67758dd2fde1a703b77fcfc38858604086d7deacaf511fd63ee39984c7ee1fc7188503d70839ace2466f4ed8efd141513f2be9d2c2ce5e1f025f4
- SSDEEP
  
  12288:vCiBiCbOCWbmb49llets2gKf1a03Bfa0LXUOl03viwA3:vT4Nzmb49DpYf1a8a0LLC/ij
Score

10^/10

blustealer zgrat persistence rat stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerzgratpersistenceratstealer

behavioral2

blustealerzgratpersistenceratstealer

© 2018-2024

Terms | Privacy