blustealer | d254826085eaada20b9ab3803fdf88d2326ffcb2e90b36d3fbb129fce1cfed5a | Triage

Submit
Reports

Overview

overview

Static

static

3

d5d26738ed...39.exe

windows7-x64

d5d26738ed...39.exe

windows10-2004-x64

3

Sharing

General

Target

d5d26738ed73d191556fc5640b43ed39
Size

743KB
Sample

240319-lx8bdagh56
MD5

d5d26738ed73d191556fc5640b43ed39
SHA1

eaec7a86cbe18f9eb5099ca390e43562701f6d29
SHA256

d254826085eaada20b9ab3803fdf88d2326ffcb2e90b36d3fbb129fce1cfed5a
SHA512

475c358c8353daac6efe9212bc649ce22197d38f32e6d63543896f77d420ca50717468e32b92dd975d685ef193624ee96bcac958da6265658748ed483f454529
SSDEEP

12288:I1Wl8T5+M63xjmevfUu+2EYhsJZ2uEYpplNw:IA24dx0Yrmps

Score

10^/10

blustealer collection spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d5d26738ed73d191556fc5640b43ed39.exe

Resource

win7-20240215-en

blustealer collection spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

d5d26738ed73d191556fc5640b43ed39.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.sabaint.me
Port:
587
Username:
[email protected]
Password:
regina1983-

Targets

- Target
  
  d5d26738ed73d191556fc5640b43ed39
- Size
  
  743KB
- MD5
  
  d5d26738ed73d191556fc5640b43ed39
- SHA1
  
  eaec7a86cbe18f9eb5099ca390e43562701f6d29
- SHA256
  
  d254826085eaada20b9ab3803fdf88d2326ffcb2e90b36d3fbb129fce1cfed5a
- SHA512
  
  475c358c8353daac6efe9212bc649ce22197d38f32e6d63543896f77d420ca50717468e32b92dd975d685ef193624ee96bcac958da6265658748ed483f454529
- SSDEEP
  
  12288:I1Wl8T5+M63xjmevfUu+2EYhsJZ2uEYpplNw:IA24dx0Yrmps
Score

10^/10

blustealer collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Executes dropped EXE
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealercollectionspywarestealer

behavioral2

© 2018-2024

Terms | Privacy