blustealer | d4ac60606ebb8df8a2b8d311c9262442978eeb65067e8940283e3a132efb2525 | Triage

Sharing

General

Target

78b2374d9d1810345aa8633ba8282a57_JaffaCakes118
Size

740KB
Sample

241028-kkkh4svcpg
MD5

78b2374d9d1810345aa8633ba8282a57
SHA1

4661b629995f3c4110b66afd4df827870923e47c
SHA256

d4ac60606ebb8df8a2b8d311c9262442978eeb65067e8940283e3a132efb2525
SHA512

7c65e51e28b884c948410f237e9e21e3a055b399373b97169327049480b36f5d9c2bc8bc2c6d037eb2a4cfea47b679868e35ad92275a5c314a94abc7209bf647
SSDEEP

12288:+4JQ/AKt4AXV5nLrrxeK0wBl7zCzbJqmyegzGHFWGpqqENvK0rCIkEytW3spU1:9J+tBXV5n506CzvgyHUu7ENy0rdkEk61

Score

10^/10

blustealer discovery persistence stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
bojtai.xyz
Port:
587
Username:
[email protected]
Password:
(mr.GT^Eg#C6

Targets

- Target
  
  78b2374d9d1810345aa8633ba8282a57_JaffaCakes118
- Size
  
  740KB
- MD5
  
  78b2374d9d1810345aa8633ba8282a57
- SHA1
  
  4661b629995f3c4110b66afd4df827870923e47c
- SHA256
  
  d4ac60606ebb8df8a2b8d311c9262442978eeb65067e8940283e3a132efb2525
- SHA512
  
  7c65e51e28b884c948410f237e9e21e3a055b399373b97169327049480b36f5d9c2bc8bc2c6d037eb2a4cfea47b679868e35ad92275a5c314a94abc7209bf647
- SSDEEP
  
  12288:+4JQ/AKt4AXV5nLrrxeK0wBl7zCzbJqmyegzGHFWGpqqENvK0rCIkEytW3spU1:9J+tBXV5n506CzvgyHUu7ENy0rdkEk61
Score

10^/10

blustealer discovery persistence stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Blustealer family
  blustealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerdiscoverypersistencestealer

behavioral2

blustealerdiscoverypersistencestealer