blustealer | a8155c456591d039a2229e3445d197a575c173b1e81be6d2cffb9fec0bf31dee | Triage

Sharing

General

Target

d41d83747c393dffe19f1ae809298f9e_JaffaCakes118
Size

1.8MB
Sample

241207-3axpsszjfz
MD5

d41d83747c393dffe19f1ae809298f9e
SHA1

c9d50292460b218e9c50204f621315994631f6f5
SHA256

a8155c456591d039a2229e3445d197a575c173b1e81be6d2cffb9fec0bf31dee
SHA512

86623850e1c46ab45b309d60371d8c5a14a6850ee84d9d7f74f4d47aaa1f455bc9f5515d65c0b46a4eec01430d3df503bf2e8e8356ee75a1979654166e2245c5
SSDEEP

49152:LqhbdfW89H0JYOWJh7yedL50IXYIcRGE3:mhFW85IWJh+e950IXvW3

Score

10^/10

blustealer discovery stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
restd.xyz
Port:
587
Username:
[email protected]
Password:
6zUU+}u29n[J

Targets

- Target
  
  d41d83747c393dffe19f1ae809298f9e_JaffaCakes118
- Size
  
  1.8MB
- MD5
  
  d41d83747c393dffe19f1ae809298f9e
- SHA1
  
  c9d50292460b218e9c50204f621315994631f6f5
- SHA256
  
  a8155c456591d039a2229e3445d197a575c173b1e81be6d2cffb9fec0bf31dee
- SHA512
  
  86623850e1c46ab45b309d60371d8c5a14a6850ee84d9d7f74f4d47aaa1f455bc9f5515d65c0b46a4eec01430d3df503bf2e8e8356ee75a1979654166e2245c5
- SSDEEP
  
  49152:LqhbdfW89H0JYOWJh7yedL50IXYIcRGE3:mhFW85IWJh+e950IXvW3
Score

10^/10

blustealer discovery stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Blustealer family
  blustealer
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerdiscoverystealer

behavioral2

blustealerdiscoverystealer