blustealer | fce1e5d65d8375a41cd61ec690febb3ca3d2b6745194cc7b0f54727bf48197a9 | Triage

Sharing

General

Target

6c90d471c7fa59b51f1a820b0fada9e3
Size

2.3MB
Sample

240121-g1smwagcd9
MD5

6c90d471c7fa59b51f1a820b0fada9e3
SHA1

b3ec13231b0bf2cd938c8edb531f6fc087bdb083
SHA256

fce1e5d65d8375a41cd61ec690febb3ca3d2b6745194cc7b0f54727bf48197a9
SHA512

11da870880f5070a477d9ae76d7ddee310c9e79c164c098a912625c166e7d06af214687b9e1cc4fe9b8345bf7e0b696f790b435467fd5a5a02d9106942cc8197
SSDEEP

12288:e7tckxtGtCP7svhJrXFlrO02jle+qcs2eXNPnrEdrE:e7JxUtAsvhRDZO/qcsxXN/odo

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
bojtai.xyz
Port:
587
Username:
[email protected]
Password:
(mr.GT^Eg#C6

Targets

- Target
  
  6c90d471c7fa59b51f1a820b0fada9e3
- Size
  
  2.3MB
- MD5
  
  6c90d471c7fa59b51f1a820b0fada9e3
- SHA1
  
  b3ec13231b0bf2cd938c8edb531f6fc087bdb083
- SHA256
  
  fce1e5d65d8375a41cd61ec690febb3ca3d2b6745194cc7b0f54727bf48197a9
- SHA512
  
  11da870880f5070a477d9ae76d7ddee310c9e79c164c098a912625c166e7d06af214687b9e1cc4fe9b8345bf7e0b696f790b435467fd5a5a02d9106942cc8197
- SSDEEP
  
  12288:e7tckxtGtCP7svhJrXFlrO02jle+qcs2eXNPnrEdrE:e7JxUtAsvhRDZO/qcsxXN/odo
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealerstealer