Overview

overview

10

Static

static

3

9ee21b7bda...91.exe

windows7-x64

10

9ee21b7bda...91.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    15-02-2024 23:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ee21b7bda8668d0a5e41273d0ce1291.exe

  • Size

    735KB

  • MD5

    9ee21b7bda8668d0a5e41273d0ce1291

  • SHA1

    bcd0969fa8441be09d256585a7bd7073d2725f59

  • SHA256

    738a485429af982afe764c392327ad1940bc0e2c53e46ccebc7e7528abaa9c9d

  • SHA512

    eff01ac098513e9a74dc75e6fa58f47dc51ad951d3667d1378eecc029c8378e7a386b6e2f8cf32d7b4be75b4ac90a6be8214751a4935da6e24d80315ee0ef6f1

  • SSDEEP

    12288:r7T2OCm5I7wjmyGR7GjOzv1S87j4HtkqYrp9yo0BNhc96DH/ofO/oKc:r7T2OCjkjmykyjOhH4HOqspDQ9X/M

Score
10/10
blustealerstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot1838876767:AAEiDKTcT_A4WBwpMo9nnrtBP7OvsmEUnNU/sendMessage?chat_id=1300181783

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ee21b7bda8668d0a5e41273d0ce1291.exe
    "C:\Users\Admin\AppData\Local\Temp\9ee21b7bda8668d0a5e41273d0ce1291.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Users\Admin\AppData\Local\Temp\9ee21b7bda8668d0a5e41273d0ce1291.exe
      "C:\Users\Admin\AppData\Local\Temp\9ee21b7bda8668d0a5e41273d0ce1291.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1808-3-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1808-5-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1808-8-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1924-1-0x0000000000320000-0x0000000000420000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1924-2-0x0000000000100000-0x0000000000102000-memory.dmp

    Filesize

    8KB

    Download