blustealer | 2c4115951e3a55fe85cf0ebb6fcf5e65ccbebfa0774a3f15db7856b74e8e6647 | Triage

Sharing

General

Target

40359b10d6abf5315ad4989515c8cd85_JaffaCakes118
Size

1.3MB
Sample

241013-q5asasvakj
MD5

40359b10d6abf5315ad4989515c8cd85
SHA1

7ff721bba3042816f6f7fd282c93d270247dd20f
SHA256

2c4115951e3a55fe85cf0ebb6fcf5e65ccbebfa0774a3f15db7856b74e8e6647
SHA512

b1583343d928976d222fe9ac9857e2f73f324b853e04be40602db2425c51a56681ad992d1d2adb95da454f5ce5ca1a7731ef0a380d1d84ca5b112fb182145005
SSDEEP

24576:7bx5ACyRtvPExqgcSSu5bqhD92oK8t7yz5b/UXq60Lnyx2M3TttxnvZ:vAVRBPhbSFAhcKtYiq60LnKTVnR

Score

10^/10

blustealer discovery stealer

Malware Config

Targets

- Target
  
  40359b10d6abf5315ad4989515c8cd85_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  40359b10d6abf5315ad4989515c8cd85
- SHA1
  
  7ff721bba3042816f6f7fd282c93d270247dd20f
- SHA256
  
  2c4115951e3a55fe85cf0ebb6fcf5e65ccbebfa0774a3f15db7856b74e8e6647
- SHA512
  
  b1583343d928976d222fe9ac9857e2f73f324b853e04be40602db2425c51a56681ad992d1d2adb95da454f5ce5ca1a7731ef0a380d1d84ca5b112fb182145005
- SSDEEP
  
  24576:7bx5ACyRtvPExqgcSSu5bqhD92oK8t7yz5b/UXq60Lnyx2M3TttxnvZ:vAVRBPhbSFAhcKtYiq60LnKTVnR
Score

10^/10

blustealer discovery stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerdiscoverystealer

behavioral2

blustealerdiscoverystealer