blustealer | 3a400fbdc47f573a48a5f3052b0b4e67614b27607232dc448d11acf15b6baf8e | Triage

Sharing

General

Target

391d8025ebeb784e53f76c6536aa6fe6_JaffaCakes118
Size

432KB
Sample

240711-pnqlrayelf
MD5

391d8025ebeb784e53f76c6536aa6fe6
SHA1

e9ac084345ba307473cbcf82846e0fc4be8d26e6
SHA256

3a400fbdc47f573a48a5f3052b0b4e67614b27607232dc448d11acf15b6baf8e
SHA512

de0ed92b7bfc4bfe1b15a539311677d288ec7ed66374adc39edfd60bf5094ac99a387d93213a5790f0dac121ef38145888e2e23023404cdfd871c2eca785a4c8
SSDEEP

6144:b8LxBBXsdAsRN+ciV3RGt+CgPq2ZvrnfIT6GcUYVo5DaXYuWwxR8FjoLGzxbecQU:ysNN+cilRTrfI2Z0s7hx6tzgBQs3ar7H

Score

10^/10

blustealer stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot1838876767:AAEiDKTcT_A4WBwpMo9nnrtBP7OvsmEUnNU/sendMessage?chat_id=1300181783

Targets

- Target
  
  391d8025ebeb784e53f76c6536aa6fe6_JaffaCakes118
- Size
  
  432KB
- MD5
  
  391d8025ebeb784e53f76c6536aa6fe6
- SHA1
  
  e9ac084345ba307473cbcf82846e0fc4be8d26e6
- SHA256
  
  3a400fbdc47f573a48a5f3052b0b4e67614b27607232dc448d11acf15b6baf8e
- SHA512
  
  de0ed92b7bfc4bfe1b15a539311677d288ec7ed66374adc39edfd60bf5094ac99a387d93213a5790f0dac121ef38145888e2e23023404cdfd871c2eca785a4c8
- SSDEEP
  
  6144:b8LxBBXsdAsRN+ciV3RGt+CgPq2ZvrnfIT6GcUYVo5DaXYuWwxR8FjoLGzxbecQU:ysNN+cilRTrfI2Z0s7hx6tzgBQs3ar7H
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/jzmc.dll
- Size
  
  18KB
- MD5
  
  74d5048bbcdd145406c1401705d19b01
- SHA1
  
  699ddbba611ec8467c1c7e92c3226d432139c16e
- SHA256
  
  7401f524da5c86ef8d102c6b3196e4eec962a32883bcc74b5a1ecaa1ae2a7a6d
- SHA512
  
  d0817195e8d770502e9cf8d4438cf7d09dd2fa5523041f81466ea3c9324d8e43899c2ad9b675b08cc900adc7176db82008cd95ef5c9ff12171016e2d319aa6ca
- SSDEEP
  
  384:l9Pn2ZdJOM8ywOGG2Sd5o2vzPXK4X0A38:7PnYgM8ywOKS3xzPXK4NM
Score

10^/10

blustealer stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstealer

behavioral2

behavioral3

blustealerstealer

behavioral4