blustealer | 5ab9feae38e3b0f409af2261cdddc44676b301ed4df03adec3bcae88d1fe58da | Triage

Submit
Reports

Overview

overview

Static

static

3816-142-0...ry.exe

windows7-x64

3816-142-0...ry.exe

windows10-2004-x64

Sharing

General

Target

3816-142-0x0000000000400000-0x0000000000654000-memory.dmp
Size

2.3MB
Sample

240306-f9zbcadc99
MD5

28af75842a4a507ed1bc04782133c1cd
SHA1

c0198e76b972772adf04b9a37b575db0e2a1a65e
SHA256

5ab9feae38e3b0f409af2261cdddc44676b301ed4df03adec3bcae88d1fe58da
SHA512

15739906e7041e4fd7e65c90eb65513113bc7356863285a881a932c35223a56e269355a1e00e504f88d2c0dda1817e0850fb0340c855a9efd1b82e0384257590
SSDEEP

24576:wxgsRftD0C2nKGH0Djsf9nz4mloFQnpXUMPQDR6q79dA:waSftDnGUDYf5zaCpXxPuR6E9dA

Score

10^/10

blustealer collection stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3816-142-0x0000000000400000-0x0000000000654000-memory.exe

Resource

win7-20240215-en

blustealer collection stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

3816-142-0x0000000000400000-0x0000000000654000-memory.exe

Resource

win10v2004-20240226-en

blustealer collection stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

- Target
  
  3816-142-0x0000000000400000-0x0000000000654000-memory.dmp
- Size
  
  2.3MB
- MD5
  
  28af75842a4a507ed1bc04782133c1cd
- SHA1
  
  c0198e76b972772adf04b9a37b575db0e2a1a65e
- SHA256
  
  5ab9feae38e3b0f409af2261cdddc44676b301ed4df03adec3bcae88d1fe58da
- SHA512
  
  15739906e7041e4fd7e65c90eb65513113bc7356863285a881a932c35223a56e269355a1e00e504f88d2c0dda1817e0850fb0340c855a9efd1b82e0384257590
- SSDEEP
  
  24576:wxgsRftD0C2nKGH0Djsf9nz4mloFQnpXUMPQDR6q79dA:waSftDnGUDYf5zaCpXxPuR6E9dA
Score

10^/10

blustealer collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionstealer

behavioral2

blustealercollectionstealer

© 2018-2024

Terms | Privacy