blustealer | 7123566d71d2fd588fa4a408a7ef476b409d0e74929601c636f1fbc5b5854135 | Triage

Sharing

General

Target

2552-163-0x0000000000400000-0x0000000000472000-memory.dmp
Size

456KB
Sample

240302-pysh4add3v
MD5

8f7226104c4d7d8f2370189621507367
SHA1

dedb13ae4dec7788290a73162d7e63ef1e5cc7da
SHA256

7123566d71d2fd588fa4a408a7ef476b409d0e74929601c636f1fbc5b5854135
SHA512

9c819032d82e7c177be018a5eb2de7cd968fbc256577562f6523fdc07a546c35a0f415a4ab09b3266f1a47766ab1fc26a547f9679487eef853f52fd8ec1d6644
SSDEEP

12288:TWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmBC:0xgsRftD0C2nKGs

Score

10^/10

blustealer collection spyware

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5813496253:AAF4hamIx4-mNmFF1DwsqdJ4F9vUBmFqLo/sendMessage?chat_id=1105271645

Targets

- Target
  
  2552-163-0x0000000000400000-0x0000000000472000-memory.dmp
- Size
  
  456KB
- MD5
  
  8f7226104c4d7d8f2370189621507367
- SHA1
  
  dedb13ae4dec7788290a73162d7e63ef1e5cc7da
- SHA256
  
  7123566d71d2fd588fa4a408a7ef476b409d0e74929601c636f1fbc5b5854135
- SHA512
  
  9c819032d82e7c177be018a5eb2de7cd968fbc256577562f6523fdc07a546c35a0f415a4ab09b3266f1a47766ab1fc26a547f9679487eef853f52fd8ec1d6644
- SSDEEP
  
  12288:TWnxfgsRL4u/1AlLK6FRY2n8OPKxGvYmBC:0xgsRftD0C2nKGs
Score

6^/10

collection spyware
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

collectionspyware

behavioral2

collectionspyware