blustealer | 960c5e14181f4b5bac1b82c9367860d6f30fa0a4e7cf848cd523b3a3b7268ece | Triage

Sharing

General

Target

38b37b2b72f6071cf8345c05af05fcee_JaffaCakes118
Size

994KB
Sample

241012-gkp7ta1epl
MD5

38b37b2b72f6071cf8345c05af05fcee
SHA1

2f42183fa45551194a1d1d0b5a10f0a91116212f
SHA256

960c5e14181f4b5bac1b82c9367860d6f30fa0a4e7cf848cd523b3a3b7268ece
SHA512

b56315744d10d81d2a393373dc65da93f0f4b2ba48253833d3faecd0ec7a550df3d80ab45d242dfa3e42c1728447b74492dc26b9c9a4ca66e3544cb1aae8d24b
SSDEEP

24576:Qdla9gYmncCehCF2BEwT/5PrQLeOjQ8WEA48VEfxnvt:yQ9R6ehTUPjjrSVEfxnl

Score

10^/10

blustealer discovery stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
restd.xyz
Port:
587
Username:
[email protected]
Password:
3a-XMb^)jn=T

Targets

- Target
  
  38b37b2b72f6071cf8345c05af05fcee_JaffaCakes118
- Size
  
  994KB
- MD5
  
  38b37b2b72f6071cf8345c05af05fcee
- SHA1
  
  2f42183fa45551194a1d1d0b5a10f0a91116212f
- SHA256
  
  960c5e14181f4b5bac1b82c9367860d6f30fa0a4e7cf848cd523b3a3b7268ece
- SHA512
  
  b56315744d10d81d2a393373dc65da93f0f4b2ba48253833d3faecd0ec7a550df3d80ab45d242dfa3e42c1728447b74492dc26b9c9a4ca66e3544cb1aae8d24b
- SSDEEP
  
  24576:Qdla9gYmncCehCF2BEwT/5PrQLeOjQ8WEA48VEfxnvt:yQ9R6ehTUPjjrSVEfxnl
Score

10^/10

blustealer discovery stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerdiscoverystealer

behavioral2

blustealerdiscoverystealer