blustealer | 82090226e00e3cb4959978926f478a03ad813804ef511e0c0f6ef05f426b4666 | Triage

Sharing

General

Target

0f81f465488d18dffa9165e06b2ae77f_JaffaCakes118
Size

997KB
Sample

241003-tf86caxdjb
MD5

0f81f465488d18dffa9165e06b2ae77f
SHA1

0c56da587224dc63b20ec2c00440b1f38f9df9da
SHA256

82090226e00e3cb4959978926f478a03ad813804ef511e0c0f6ef05f426b4666
SHA512

9ac91d0092faf8b6251f1a844c7b31719e4fa4592ba0305a12df2d9a79c7a52ec5f7ebc43639835a2023527fa141fd67924f7c72cf9e2142db30ec4b72b21c67
SSDEEP

12288:YVSszxoCDPp9iVRsFhS3TCU08CY4EFKj6agsGMDluoEtxX5jGIT9JVQBzQ:ExomPmbgIj28CY40sPgoEtxRP9QBzQ

Score

10^/10

blustealer discovery stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
restd.xyz
Port:
587
Username:
[email protected]
Password:
0@3z{Aj3S8$H

Targets

- Target
  
  0f81f465488d18dffa9165e06b2ae77f_JaffaCakes118
- Size
  
  997KB
- MD5
  
  0f81f465488d18dffa9165e06b2ae77f
- SHA1
  
  0c56da587224dc63b20ec2c00440b1f38f9df9da
- SHA256
  
  82090226e00e3cb4959978926f478a03ad813804ef511e0c0f6ef05f426b4666
- SHA512
  
  9ac91d0092faf8b6251f1a844c7b31719e4fa4592ba0305a12df2d9a79c7a52ec5f7ebc43639835a2023527fa141fd67924f7c72cf9e2142db30ec4b72b21c67
- SSDEEP
  
  12288:YVSszxoCDPp9iVRsFhS3TCU08CY4EFKj6agsGMDluoEtxX5jGIT9JVQBzQ:ExomPmbgIj28CY40sPgoEtxRP9QBzQ
Score

10^/10

blustealer discovery stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerdiscoverystealer

behavioral2