blustealer | 1d0e997a1e0cca7446644a5082da18ea191862c85a3e222b0296bdb158c2a387 | Triage

Sharing

General

Target

abb26d1600dda55b1004b39d569178a8_JaffaCakes118
Size

1.2MB
Sample

240404-bm1tfaag65
MD5

abb26d1600dda55b1004b39d569178a8
SHA1

8e6cba40d4ddd9d6ff6b781f79febbb47e58855b
SHA256

1d0e997a1e0cca7446644a5082da18ea191862c85a3e222b0296bdb158c2a387
SHA512

8d560a240bba2f915ff5a7b05bd061cbc68c8ce2268ee8b6815834f00452232e4f63da89e8d9b565dec45f0e9df232931676caae8ac6242995d14ad1222eb3e4
SSDEEP

12288:Jr5aOWToieigTrpPJQ1eFm06ua4xQ4HXXjwFROQcPf/6Pk15BOVCFrMJTpSLmTwJ:x5yyRZZ324nj2RGnyatKMgGphLdPe7kR

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot1838876767:AAEiDKTcT_A4WBwpMo9nnrtBP7OvsmEUnNU/sendMessage?chat_id=1300181783

Targets

- Target
  
  abb26d1600dda55b1004b39d569178a8_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  abb26d1600dda55b1004b39d569178a8
- SHA1
  
  8e6cba40d4ddd9d6ff6b781f79febbb47e58855b
- SHA256
  
  1d0e997a1e0cca7446644a5082da18ea191862c85a3e222b0296bdb158c2a387
- SHA512
  
  8d560a240bba2f915ff5a7b05bd061cbc68c8ce2268ee8b6815834f00452232e4f63da89e8d9b565dec45f0e9df232931676caae8ac6242995d14ad1222eb3e4
- SSDEEP
  
  12288:Jr5aOWToieigTrpPJQ1eFm06ua4xQ4HXXjwFROQcPf/6Pk15BOVCFrMJTpSLmTwJ:x5yyRZZ324nj2RGnyatKMgGphLdPe7kR
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/gyyrofsvwt.dll
- Size
  
  30KB
- MD5
  
  593ae51744a3a1518c88249d88f6e0d8
- SHA1
  
  799fc91d7871e4387fd487da8c066a5908263088
- SHA256
  
  f5b07baf233029ae6a86a512fd84161c07d27827ef0222eea9783296249f646b
- SHA512
  
  91d538a964f803b97b5983ca7bfab265cbfca1d481c9da7038d478bef56cea033cd9fc7acaf18b5a9680fb684cacab950df66fc9b4264ba8b5ed63c56e80cf6a
- SSDEEP
  
  384:qXR1YCNE0PHVORyEN1EzzSO4A37//YriYpYz83wolkxZP8Zi9Gsn9/0VlFaCu5Qi:qB1jE0NORy+O4Y7Hw/pUoksZeG+9/MA
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blustealerstealer

behavioral2

behavioral3

blustealerstealer

behavioral4