General

  • Target: f3ae5084244b18b1eb956fd8729b39db_JaffaCakes118
  • Size: 2.3MB
  • Sample: 240416-rs6vmsdh3w
  • MD5: f3ae5084244b18b1eb956fd8729b39db
  • SHA1: 50b0e84f2fc1be5c852747e721056b0b95162ecb
  • SHA256: 6b45587225d63562c0ac77d9134974686ff612743ce70b0c12183970275198b4
  • SHA512: 31e964428c51c120c913be3cccd092607605adf2856ef22d83424a6c71c889c7284de617df8cbbec1e9a469a8d1602148cbf5f8a9dd7e0cafc966e5156352bf7
  • SSDEEP: 12288:s2MN/vK6kaQ0iN9M+LTcQQ++fNvZl2eXNPnrEdrE:00n4+LYz++fflxXN/odo

Score
10/10

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol: smtp
  • Host: budgetn.xyz
  • Port: 587
  • Username: shunyuan@budgetn.xyz
  • Password: r[]w2e=V+]AV

Targets

    • Target: f3ae5084244b18b1eb956fd8729b39db_JaffaCakes118
    • Size: 2.3MB
    • MD5: f3ae5084244b18b1eb956fd8729b39db
    • SHA1: 50b0e84f2fc1be5c852747e721056b0b95162ecb
    • SHA256: 6b45587225d63562c0ac77d9134974686ff612743ce70b0c12183970275198b4
    • SHA512: 31e964428c51c120c913be3cccd092607605adf2856ef22d83424a6c71c889c7284de617df8cbbec1e9a469a8d1602148cbf5f8a9dd7e0cafc966e5156352bf7
    • SSDEEP: 12288:s2MN/vK6kaQ0iN9M+LTcQQ++fNvZl2eXNPnrEdrE:00n4+LYz++fflxXN/odo

    Score
    10/10

    • BluStealer

      A modular information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                      Hits  ID
  Execution             Scripting                      1     T1064
  Execution             Scheduled Task/Job             1     T1053
  Persistence           Scheduled Task/Job             1     T1053
  Privilege Escalation  Scheduled Task/Job             1     T1053
  Defense Evasion       Scripting                      1     T1064
  Discovery             Query Registry                 1     T1012
  Discovery             System Information Discovery   2     T1082
