blustealer | 967f7296fc850d9a5c810776f910b5ac22dbff3a31f00c7641bdb68b421b7caf | Triage

Submit
Reports

Overview

overview

Static

static

3

b02a63fa9c...99.exe

windows7-x64

b02a63fa9c...99.exe

windows10-2004-x64

Sharing

General

Target

b02a63fa9c807c8509341d264e494f99
Size

1.1MB
Sample

240301-dlekxsbf22
MD5

b02a63fa9c807c8509341d264e494f99
SHA1

dd9a5cfc7dbe769be5a9edb8f1e6e1a5e17bf8ec
SHA256

967f7296fc850d9a5c810776f910b5ac22dbff3a31f00c7641bdb68b421b7caf
SHA512

e46f85a067aefb3e500e448aec1d878e8cb79f009f3d434e3f25240fc3d50d41ded7abb18845eedcaa03e00f58078a36a4c258ec8bcfdc9fd8f7668dbe3c6b22
SSDEEP

24576:Z/FAjZ1EVMqHj1q0oc163Dwlrp9KyxsuM:YZ1EBHBqakDwlrbKCs

Score

10^/10

blustealer collection spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b02a63fa9c807c8509341d264e494f99.exe

Resource

win7-20240221-en

blustealer collection spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

b02a63fa9c807c8509341d264e494f99.exe

Resource

win10v2004-20240226-en

blustealer collection spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.sabaint.me
Port:
587
Username:
[email protected]
Password:
regina1983-

Targets

- Target
  
  b02a63fa9c807c8509341d264e494f99
- Size
  
  1.1MB
- MD5
  
  b02a63fa9c807c8509341d264e494f99
- SHA1
  
  dd9a5cfc7dbe769be5a9edb8f1e6e1a5e17bf8ec
- SHA256
  
  967f7296fc850d9a5c810776f910b5ac22dbff3a31f00c7641bdb68b421b7caf
- SHA512
  
  e46f85a067aefb3e500e448aec1d878e8cb79f009f3d434e3f25240fc3d50d41ded7abb18845eedcaa03e00f58078a36a4c258ec8bcfdc9fd8f7668dbe3c6b22
- SSDEEP
  
  24576:Z/FAjZ1EVMqHj1q0oc163Dwlrp9KyxsuM:YZ1EBHBqakDwlrbKCs
Score

10^/10

blustealer collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionspywarestealer

behavioral2

blustealercollectionspywarestealer

© 2018-2024

Terms | Privacy