blustealer | 674a7b749bea309b2f9157e187a92fc0da9ce79b3a9ee4f3c85e6b58dd961789 | Triage

Resubmissions

20-04-2024 21:07

240420-zym9gshh86 10

Sharing

General

Target

fda687e3f7ee2e46c4094d557f137ff8_JaffaCakes118
Size

1.5MB
Sample

240420-zym9gshh86
MD5

fda687e3f7ee2e46c4094d557f137ff8
SHA1

f1e13dd8b5f869045bdc15de6303e5cfcc7c4cff
SHA256

674a7b749bea309b2f9157e187a92fc0da9ce79b3a9ee4f3c85e6b58dd961789
SHA512

d47b72db111b19669d8bf5575fedc11bb01ff220b0929b09dd061efd612f55093d708fe5007f0e60732defd5de6868e898fba55270b0fa449f5ab766097109e0
SSDEEP

24576:/WN565751UbTCg1XJ2qg4rSs3S1KqFHTwfs89UrmMnfk/iQ2+S0d:/q65rUbTCg1wFsqBZMfsaU9fk/Pj

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.starkgulf.com
Port:
587
Username:
[email protected]
Password:
info123#

Targets

- Target
  
  fda687e3f7ee2e46c4094d557f137ff8_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  fda687e3f7ee2e46c4094d557f137ff8
- SHA1
  
  f1e13dd8b5f869045bdc15de6303e5cfcc7c4cff
- SHA256
  
  674a7b749bea309b2f9157e187a92fc0da9ce79b3a9ee4f3c85e6b58dd961789
- SHA512
  
  d47b72db111b19669d8bf5575fedc11bb01ff220b0929b09dd061efd612f55093d708fe5007f0e60732defd5de6868e898fba55270b0fa449f5ab766097109e0
- SSDEEP
  
  24576:/WN565751UbTCg1XJ2qg4rSs3S1KqFHTwfs89UrmMnfk/iQ2+S0d:/q65rUbTCg1wFsqBZMfsaU9fk/Pj
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

blustealerstealer

behavioral2

blustealerstealer