blustealer | 34df71e1c8afa4f4909ee40372ad547fc67d2d7d97ded03b5e0ced87b39b2da4 | Triage

Sharing

General

Target

9087c87d6cb74d5c1791f3f27fa68586
Size

1017KB
Sample

240205-ah2z9secc5
MD5

9087c87d6cb74d5c1791f3f27fa68586
SHA1

70a0e7d031787ca88aec2dfe355c02e42c9690f4
SHA256

34df71e1c8afa4f4909ee40372ad547fc67d2d7d97ded03b5e0ced87b39b2da4
SHA512

83fbd57e41255277ae479ee81e7040f48da3a89872ea9dce6b71589c54bcf54dd11815dec9f0a62c98164ba4bcbc7ce6fe40b754e1a275d9f37876851b27f1b3
SSDEEP

12288:Gf0/nU4XJmZPSufsmNzXO26VcwWVmIP/bnEK3hc0PoLj4E6SdHjW85m+b3aWClsD:GflZdfJ+2nX7EKOgonrtjFHbqWCKhEY

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
smtp.privateemail.com
Port:
587
Username:
[email protected]
Password:
@@@@@@

Targets

- Target
  
  9087c87d6cb74d5c1791f3f27fa68586
- Size
  
  1017KB
- MD5
  
  9087c87d6cb74d5c1791f3f27fa68586
- SHA1
  
  70a0e7d031787ca88aec2dfe355c02e42c9690f4
- SHA256
  
  34df71e1c8afa4f4909ee40372ad547fc67d2d7d97ded03b5e0ced87b39b2da4
- SHA512
  
  83fbd57e41255277ae479ee81e7040f48da3a89872ea9dce6b71589c54bcf54dd11815dec9f0a62c98164ba4bcbc7ce6fe40b754e1a275d9f37876851b27f1b3
- SSDEEP
  
  12288:Gf0/nU4XJmZPSufsmNzXO26VcwWVmIP/bnEK3hc0PoLj4E6SdHjW85m+b3aWClsD:GflZdfJ+2nX7EKOgonrtjFHbqWCKhEY
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealerstealer