Source |
Minerva |
Identifier |
5667599 |
Publication date |
2022-05-03 15:37:31 (viewed: 2022-07-12 10:03:33) |
Title |
A new BluStealer Loader Uses Direct Syscalls to Evade EDRs |
Text |
BluStealer malware was first detected in May 2021 by James_inthe_box. Back then, it was delivered through a phishing mail, either as an attachment or as a Discord link leading to the malware download URL. According to Avast's 2021 analysis, it “consists of a core written in Visual Basic and the C# .NET inner payload(s). The VB core reuses a large amount of code from a 2004 SpyEx project. Its capabilities to steal crypto wallet data, swap crypto addresses present in the clipboard, find and upload document files, exfiltrate data through SMTP and the Telegram Bot API, as well as anti-analysis/anti-VM tactics”. |
Sent |
Yes |
Tags |
Malware, Guideline |