blustealer | 7257e33f527df5f7820d5dfd9022d923b5fb6cdef21d402c54fc9d3f3106f3a3 | Triage

Sharing

General

Target

943244db3bce1498ee39206c5e0f2bbc_JaffaCakes118
Size

2.7MB
Sample

241124-my2ewssmaj
MD5

943244db3bce1498ee39206c5e0f2bbc
SHA1

026cf4e2deae460e56675e827b408c17db0b16fe
SHA256

7257e33f527df5f7820d5dfd9022d923b5fb6cdef21d402c54fc9d3f3106f3a3
SHA512

c674637360aae0ea0eeafb773d6befbe5ff43ec93a0201b50731d1d4615b4701810923a5411be531914e92336b28cf43941ab06124a0e8e0cb8e58324925e7e5
SSDEEP

24576:KKVIwZqiBUljqRuth3CSb9F9C14mL0OIntkrUZbnLATHGK2SfRtiHbhwrDzE:LIe/a8UQrUSHGK2Sjr3E

Score

10^/10

blustealer discovery stealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot1838876767:AAEiDKTcT_A4WBwpMo9nnrtBP7OvsmEUnNU/sendMessage?chat_id=1300181783

Targets

- Target
  
  943244db3bce1498ee39206c5e0f2bbc_JaffaCakes118
- Size
  
  2.7MB
- MD5
  
  943244db3bce1498ee39206c5e0f2bbc
- SHA1
  
  026cf4e2deae460e56675e827b408c17db0b16fe
- SHA256
  
  7257e33f527df5f7820d5dfd9022d923b5fb6cdef21d402c54fc9d3f3106f3a3
- SHA512
  
  c674637360aae0ea0eeafb773d6befbe5ff43ec93a0201b50731d1d4615b4701810923a5411be531914e92336b28cf43941ab06124a0e8e0cb8e58324925e7e5
- SSDEEP
  
  24576:KKVIwZqiBUljqRuth3CSb9F9C14mL0OIntkrUZbnLATHGK2SfRtiHbhwrDzE:LIe/a8UQrUSHGK2Sjr3E
Score

10^/10

blustealer discovery stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Blustealer family
  blustealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerdiscoverystealer

behavioral2

blustealerdiscoverystealer