blustealer | 5f0206e0b04e154ffec77bf3a50d5f863d875b909d13bd1ae4f7dcba79157634

Analysis

max time kernel
91s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2024 12:31

Target

Scan0007.exe
Size

882KB
MD5

535deefc0c2866703f5a24782aa5b090
SHA1

1065b8088c3c0a21a7b45c32b1f3b27705e17d40
SHA256

be7f48bc769105639774263b5a730b3960eac5fac8ba019d19a06aca81ebb946
SHA512

f36fac63b6ee1080eb88daf0ad3ffee9a1bb3a1b4afa02e96455b3dbd2aa8fbf7eb32055e477043a7a0363ec14ac3b43ea40260ed91afbff456894680670b5ac
SSDEEP

12288:QUBDMmZriMmjwc+/aOU2xglqHo9a6NWPXjPb9jgTBvY9GhOEGUAV38I:IyrY565glqI46NWPjqBvzOcAm

Score

10^/10

Family

blustealer

Credentials

BluStealer
A Modular information stealer written in Visual Basic.
stealer blustealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4848 set thread context of 4244	4848	Scan0007.exe	95

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4244	Scan0007.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 4244	4848	Scan0007.exe	95
PID 4848 wrote to memory of 4244	4848	Scan0007.exe	95
PID 4848 wrote to memory of 4244	4848	Scan0007.exe	95
PID 4848 wrote to memory of 4244	4848	Scan0007.exe	95
PID 4848 wrote to memory of 4244	4848	Scan0007.exe	95
PID 4848 wrote to memory of 4244	4848	Scan0007.exe	95
PID 4848 wrote to memory of 4244	4848	Scan0007.exe	95
PID 4848 wrote to memory of 4244	4848	Scan0007.exe	95

C:\Users\Admin\AppData\Local\Temp\Scan0007.exe
"C:\Users\Admin\AppData\Local\Temp\Scan0007.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Users\Admin\AppData\Local\Temp\Scan0007.exe
  "C:\Users\Admin\AppData\Local\Temp\Scan0007.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4244

memory/4244-12-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4244-19-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4244-15-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/4848-4-0x0000000005B50000-0x0000000005B60000-memory.dmp

Filesize
64KB

Download
memory/4848-0-0x0000000000DD0000-0x0000000000EB2000-memory.dmp

Filesize
904KB

Download
memory/4848-5-0x00000000058A0000-0x00000000058AA000-memory.dmp

Filesize
40KB

Download
memory/4848-6-0x0000000005B20000-0x0000000005B3C000-memory.dmp

Filesize
112KB

Download
memory/4848-7-0x0000000007040000-0x00000000070DC000-memory.dmp

Filesize
624KB

Download
memory/4848-8-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/4848-9-0x0000000005B50000-0x0000000005B60000-memory.dmp

Filesize
64KB

Download
memory/4848-10-0x0000000006E30000-0x0000000006EC4000-memory.dmp

Filesize
592KB

Download
memory/4848-11-0x0000000006FE0000-0x000000000703E000-memory.dmp

Filesize
376KB

Download
memory/4848-3-0x00000000058D0000-0x0000000005962000-memory.dmp

Filesize
584KB

Download
memory/4848-2-0x0000000005F80000-0x0000000006524000-memory.dmp

Filesize
5.6MB

Download
memory/4848-17-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/4848-1-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download