blustealer | 6b45587225d63562c0ac77d9134974686ff612743ce70b0c12183970275198b4 | Triage

Sharing

General

Target

f3ae5084244b18b1eb956fd8729b39db_JaffaCakes118
Size

2.3MB
Sample

240416-rs6vmsdh3w
MD5

f3ae5084244b18b1eb956fd8729b39db
SHA1

50b0e84f2fc1be5c852747e721056b0b95162ecb
SHA256

6b45587225d63562c0ac77d9134974686ff612743ce70b0c12183970275198b4
SHA512

31e964428c51c120c913be3cccd092607605adf2856ef22d83424a6c71c889c7284de617df8cbbec1e9a469a8d1602148cbf5f8a9dd7e0cafc966e5156352bf7
SSDEEP

12288:s2MN/vK6kaQ0iN9M+LTcQQ++fNvZl2eXNPnrEdrE:00n4+LYz++fflxXN/odo

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
budgetn.xyz
Port:
587
Username:
[email protected]
Password:
r[]w2e=V+]AV

Targets

- Target
  
  f3ae5084244b18b1eb956fd8729b39db_JaffaCakes118
- Size
  
  2.3MB
- MD5
  
  f3ae5084244b18b1eb956fd8729b39db
- SHA1
  
  50b0e84f2fc1be5c852747e721056b0b95162ecb
- SHA256
  
  6b45587225d63562c0ac77d9134974686ff612743ce70b0c12183970275198b4
- SHA512
  
  31e964428c51c120c913be3cccd092607605adf2856ef22d83424a6c71c889c7284de617df8cbbec1e9a469a8d1602148cbf5f8a9dd7e0cafc966e5156352bf7
- SSDEEP
  
  12288:s2MN/vK6kaQ0iN9M+LTcQQ++fNvZl2eXNPnrEdrE:00n4+LYz++fflxXN/odo
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealerstealer