Overview

overview

10

Static

static

3

6f8bb2ff11...10.exe

windows7-x64

10

6f8bb2ff11...10.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22-01-2024 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6f8bb2ff11646a8e47c1b2a27d475010.exe

  • Size

    727KB

  • MD5

    6f8bb2ff11646a8e47c1b2a27d475010

  • SHA1

    a300b7be64343ce6ab88edb0c71f3052663674d4

  • SHA256

    35d443578b1eb0708d334d3e1250f68550a5db4d630f1813fed8e2fc58a2c6d0

  • SHA512

    97eb09ab5e244d1e367104efd1a17267390589121a58a1840e282f7ef15ceea933432168dae8caf31d6ca35af3fa9341c9f604b9e944aea86983484ace961e36

  • SSDEEP

    12288:csyxZCYQneRW88If1cmRBPA0nV2sb+xUVWcyN:cjZCr7gf1cIA0nos6Cn

Score
10/10
blustealerstealer

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:     smtp
  • Host:
    budgetn.shop
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    X&Y=[g89L4D/**

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6f8bb2ff11646a8e47c1b2a27d475010.exe
    "C:\Users\Admin\AppData\Local\Temp\6f8bb2ff11646a8e47c1b2a27d475010.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8, 8.8.4.4, time.google.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1244
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8, 8.8.4.4, time.google.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2728
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8, 8.8.4.4, time.google.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2492
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8, 8.8.4.4, time.google.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1084
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8, 8.8.4.4, time.google.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2428
    • C:\Users\Admin\AppData\Local\Temp\6f8bb2ff11646a8e47c1b2a27d475010.exe
      C:\Users\Admin\AppData\Local\Temp\6f8bb2ff11646a8e47c1b2a27d475010.exe
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
    Filesize

    7KB

    MD5

    ec7d552b3dc743b1c2257faaf6c48af6

    SHA1

    3ae26be103c86f04a49468f31e6be686cb16ae76

    SHA256

    6a8c8402dd5107b09a59cd9729a28ff73179f18ddad3c16b5f62d92941101fad

    SHA512

    e38776d0dba3cc39fe1f911cdb1517ed946e09d06b223444707e22ffa72eb33c46533cf64d8fe0c38eb40790bd914608ac21aa18b005ad325a7fc55bbf988cab

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
    Filesize

    1KB

    MD5

    d31fc42265bd9eede855226a31ff22ef

    SHA1

    bfb1362fce20e4dd41286693697939e8752784c3

    SHA256

    809eee1a02c91b4cffa77fe6e145a396fa7506335c1fd978afb3f7a4012093ed

    SHA512

    c71e7381f47ba5f39ce90845762ced3245f80e871f98018bea76daedf42e316a77f1208a24c8d133c0b44692ad776e1cd0f2d4e2db2b09f49280d104d8ccce27

    Download Submit

  • memory/836-63-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-56-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-85-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-65-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-2-0x00000000049E0000-0x0000000004A20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/836-67-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-86-0x0000000000640000-0x0000000000666000-memory.dmp

    Filesize

    152KB

    Download

  • memory/836-55-0x0000000007E20000-0x0000000007EB6000-memory.dmp

    Filesize

    600KB

    Download

  • memory/836-100-0x0000000074440000-0x0000000074B2E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/836-83-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-23-0x0000000074440000-0x0000000074B2E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/836-71-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-57-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-1-0x0000000074440000-0x0000000074B2E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/836-30-0x00000000049E0000-0x0000000004A20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/836-59-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-61-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-81-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-79-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-69-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-77-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-75-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-73-0x0000000007E20000-0x0000000007EB0000-memory.dmp

    Filesize

    576KB

    Download

  • memory/836-0-0x0000000000B20000-0x0000000000BDC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/884-92-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/884-95-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/884-89-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/884-99-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/884-97-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/884-91-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/1084-39-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1084-40-0x00000000028C0000-0x0000000002900000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1084-41-0x00000000028C0000-0x0000000002900000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1084-38-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1084-54-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1244-31-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1244-32-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1244-5-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1244-7-0x0000000002920000-0x0000000002960000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1244-6-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2428-87-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2428-52-0x0000000002750000-0x0000000002790000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2428-48-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2428-51-0x0000000002750000-0x0000000002790000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2428-49-0x0000000002750000-0x0000000002790000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2428-50-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2492-25-0x0000000002B50000-0x0000000002B90000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2492-29-0x0000000002B50000-0x0000000002B90000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2492-27-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2492-28-0x0000000002B50000-0x0000000002B90000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2492-53-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2492-26-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2492-24-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2728-14-0x0000000002E20000-0x0000000002E60000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2728-16-0x0000000002E20000-0x0000000002E60000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2728-17-0x0000000002E20000-0x0000000002E60000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2728-15-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2728-13-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2728-42-0x000000006F690000-0x000000006FC3B000-memory.dmp

    Filesize

    5.7MB

    Download