blustealer | d0685bc174f43b12fcf3cb369624a23ecf8e88a1635dd69784dbc8e6ef70c6e6 | Triage

Sharing

General

Target

JaffaCakes118_d0685bc174f43b12fcf3cb369624a23ecf8e88a1635dd69784dbc8e6ef70c6e6
Size

390KB
Sample

241229-nrspva1jct
MD5

5ef571266d504223c1a7bf691afa5cd6
SHA1

f988001ad05d9f7c815b063d472fdca20b33aed5
SHA256

d0685bc174f43b12fcf3cb369624a23ecf8e88a1635dd69784dbc8e6ef70c6e6
SHA512

b39a491d093e82ec06120231c590ad83605075b65fbbbcc36c0be6288657c3e9ec6ce36a505fd6b88845a7cb5ce6bdaa3e6aefb3c4a826e92476003018b21c5a
SSDEEP

6144:1LNMiEalCzYB1GyH1lhONhO7VAzK6Guz/OEWoHCj34+aV3gBPPLvT3Wi6rit8:1LDlEYxluY7WZFV3gBrb376et8

Score

10^/10

blustealer discovery stealer

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.dm-teh.com
Port:
587
Username:
[email protected]
Password:
Vm@(O;CO.vEQ

Targets

- Target
  
  8bef9914316ad50fba06565f6b28596b2548affd3306d07c66123885b5fe8a6f
- Size
  
  467KB
- MD5
  
  97ac62036affb68bcfcd4e4bf5e3b86c
- SHA1
  
  105efa0342906a922a9b0e86fe1fafdddba16532
- SHA256
  
  8bef9914316ad50fba06565f6b28596b2548affd3306d07c66123885b5fe8a6f
- SHA512
  
  32f72a5d73afedfc4e2931532d7afc63bc203222447998ea49c499532c58955343844d5faa992908debd7c0743b480d61f959083703cb3a446036b3ee7d2c9ab
- SSDEEP
  
  12288:X7CfVLSdiKUsNpyxGH6EdEQvrRuQ9/mG031ign8bxxW0OLWmJ:X7WYdiKtA+/CYrRuQ9/l4Axc+m
Score

10^/10

blustealer discovery stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Blustealer family
  blustealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerdiscoverystealer

behavioral2

blustealerdiscoverystealer