Extracted

• • Target

    d13bb43ed0d785b7026cbfd743123568_JaffaCakes118

  • Size

    826KB

  • MD5

    d13bb43ed0d785b7026cbfd743123568

  • SHA1

    77921fd7d2a82f9d42a44fee2df3dfd7e1c459f6

  • SHA256

    4accc75edd57e5a6e939f1c122ad24949c1305ce70d9796fd57b8d3028f4a8da

  • SHA512

    1b1015aed280490ef537297bc093ede2dc32c3f1a66edd713835c047bde10c810d3e75b59f196104d9ac88cb6a1a6b971caa17e91189bb8fe56f46bc10003837

  • SSDEEP

    12288:Zu5JfleohV9oasH4EIKGZeBAuUyf1aAjBHwYDxt1YHsH:Zu5Jt5o3H4EIKyDmf1a6wYDjKs

  Score

  10^/10

  blustealerdefense_evasiondiscoverystealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • Blustealer family

    blustealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Suspicious use of SetThreadContext

  behavioral1behavioral2