blustealer | 5f0206e0b04e154ffec77bf3a50d5f863d875b909d13bd1ae4f7dcba79157634

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 12:31

Target

Scan0007.exe
Size

882KB
MD5

535deefc0c2866703f5a24782aa5b090
SHA1

1065b8088c3c0a21a7b45c32b1f3b27705e17d40
SHA256

be7f48bc769105639774263b5a730b3960eac5fac8ba019d19a06aca81ebb946
SHA512

f36fac63b6ee1080eb88daf0ad3ffee9a1bb3a1b4afa02e96455b3dbd2aa8fbf7eb32055e477043a7a0363ec14ac3b43ea40260ed91afbff456894680670b5ac
SSDEEP

12288:QUBDMmZriMmjwc+/aOU2xglqHo9a6NWPXjPb9jgTBvY9GhOEGUAV38I:IyrY565glqI46NWPjqBvzOcAm

Score

10^/10

Family

blustealer

Credentials

BluStealer
A Modular information stealer written in Visual Basic.
stealer blustealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3060 set thread context of 2596	3060	Scan0007.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2596	Scan0007.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2596	3060	Scan0007.exe	28
PID 3060 wrote to memory of 2596	3060	Scan0007.exe	28
PID 3060 wrote to memory of 2596	3060	Scan0007.exe	28
PID 3060 wrote to memory of 2596	3060	Scan0007.exe	28
PID 3060 wrote to memory of 2596	3060	Scan0007.exe	28
PID 3060 wrote to memory of 2596	3060	Scan0007.exe	28
PID 3060 wrote to memory of 2596	3060	Scan0007.exe	28
PID 3060 wrote to memory of 2596	3060	Scan0007.exe	28
PID 3060 wrote to memory of 2596	3060	Scan0007.exe	28

C:\Users\Admin\AppData\Local\Temp\Scan0007.exe
"C:\Users\Admin\AppData\Local\Temp\Scan0007.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Users\Admin\AppData\Local\Temp\Scan0007.exe
  "C:\Users\Admin\AppData\Local\Temp\Scan0007.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2596

memory/2596-14-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2596-10-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2596-20-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2596-16-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2596-8-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2596-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2596-9-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3060-6-0x0000000005B00000-0x0000000005B94000-memory.dmp

Filesize
592KB

Download
memory/3060-4-0x0000000074980000-0x000000007506E000-memory.dmp

Filesize
6.9MB

Download
memory/3060-0-0x0000000000AE0000-0x0000000000BC2000-memory.dmp

Filesize
904KB

Download
memory/3060-7-0x0000000004C70000-0x0000000004CCE000-memory.dmp

Filesize
376KB

Download
memory/3060-5-0x0000000004CD0000-0x0000000004D10000-memory.dmp

Filesize
256KB

Download
memory/3060-1-0x0000000074980000-0x000000007506E000-memory.dmp

Filesize
6.9MB

Download
memory/3060-17-0x0000000074980000-0x000000007506E000-memory.dmp

Filesize
6.9MB

Download
memory/3060-3-0x0000000000800000-0x000000000081C000-memory.dmp

Filesize
112KB

Download
memory/3060-2-0x0000000004CD0000-0x0000000004D10000-memory.dmp

Filesize
256KB

Download