blustealer | b6df7c082c500ca77f9530f0b6954d6d8d997ff3565bd2be5f18d3363d50d7e0 | Triage

Sharing

General

Target

6a07df8810ab9c4141ad36279d406b96_JaffaCakes118
Size

661KB
Sample

241022-md65msscmp
MD5

6a07df8810ab9c4141ad36279d406b96
SHA1

dfb0108fdc4ccb0fb10090a51ef1685f6efc0b53
SHA256

b6df7c082c500ca77f9530f0b6954d6d8d997ff3565bd2be5f18d3363d50d7e0
SHA512

fd0f343b531adc7374c2963f3dd4abea9006f06130c5883a75129046d5883db573194e93f92f98df9458fbf8255ffdb31b2f8f8115cd37b6398626fe5e9dfc48
SSDEEP

12288:bUQDjg+65t+UW19qnOVPLQz3qeeitZJ9xrhNgL+H6IBOjwPeMK:bnyWPxVPLlzI1rhqyJUWeM

Score

10^/10

blustealer discovery persistence stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
bojtai.xyz
Port:
587
Username:
[email protected]
Password:
(mr.GT^Eg#C6

Targets

- Target
  
  6a07df8810ab9c4141ad36279d406b96_JaffaCakes118
- Size
  
  661KB
- MD5
  
  6a07df8810ab9c4141ad36279d406b96
- SHA1
  
  dfb0108fdc4ccb0fb10090a51ef1685f6efc0b53
- SHA256
  
  b6df7c082c500ca77f9530f0b6954d6d8d997ff3565bd2be5f18d3363d50d7e0
- SHA512
  
  fd0f343b531adc7374c2963f3dd4abea9006f06130c5883a75129046d5883db573194e93f92f98df9458fbf8255ffdb31b2f8f8115cd37b6398626fe5e9dfc48
- SSDEEP
  
  12288:bUQDjg+65t+UW19qnOVPLQz3qeeitZJ9xrhNgL+H6IBOjwPeMK:bnyWPxVPLlzI1rhqyJUWeM
Score

10^/10

blustealer discovery persistence stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerdiscoverypersistencestealer

behavioral2

blustealerdiscoverypersistencestealer