blustealer | c42c871cd29b62344d701a854d15b370e7987d7daad60a8574d4e6b5a5636678 | Triage

Sharing

General

Target

dc7995dba8cf2cbaee063c4a1b54a058_JaffaCakes118
Size

881KB
Sample

241210-cbjlfsvjcj
MD5

dc7995dba8cf2cbaee063c4a1b54a058
SHA1

de07f4dd4bb61cea6f058addaa0b6ad922e1790b
SHA256

c42c871cd29b62344d701a854d15b370e7987d7daad60a8574d4e6b5a5636678
SHA512

bb2242fce06e808b7547fc27bf2459c7f0d2e1c3b64c2c20110ef9da093945622697cb2c9496ffe9760c4fa42ced6f9238992bab997a7acdcc78348f9655b9f8
SSDEEP

12288:wu+c+R2Swz+EHJh8LlWDoLaMVR3obhwxDzKQUwSIHvHq+luKwyB:r+gSe7h8LnXJo9iDzKBwSIy+lgyB

Score

10^/10

blustealer discovery stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
budgetn.xyz
Port:
587
Username:
[email protected]
Password:
Q0c,S{Hd]%aL

Targets

- Target
  
  dc7995dba8cf2cbaee063c4a1b54a058_JaffaCakes118
- Size
  
  881KB
- MD5
  
  dc7995dba8cf2cbaee063c4a1b54a058
- SHA1
  
  de07f4dd4bb61cea6f058addaa0b6ad922e1790b
- SHA256
  
  c42c871cd29b62344d701a854d15b370e7987d7daad60a8574d4e6b5a5636678
- SHA512
  
  bb2242fce06e808b7547fc27bf2459c7f0d2e1c3b64c2c20110ef9da093945622697cb2c9496ffe9760c4fa42ced6f9238992bab997a7acdcc78348f9655b9f8
- SSDEEP
  
  12288:wu+c+R2Swz+EHJh8LlWDoLaMVR3obhwxDzKQUwSIHvHq+luKwyB:r+gSe7h8LnXJo9iDzKBwSIy+lgyB
Score

10^/10

blustealer discovery stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Blustealer family
  blustealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerdiscoverystealer

behavioral2