Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-05-03 15:37:31 |
A new BluStealer Loader Uses Direct Syscalls to Evade EDRs (lien direct) |
BluStealer malware was first detected in May 2021 by James_inthe_box. Back then, it was delivered through a phishing mail, either as an attachment or a Discord link leading to the malware download URL. According to Avast 2021 analysis, it “consists of a core written in Visual Basic and the C# .NET inner payload(s). The VB core reuses a large amount of code from a 2004 SpyEx project. Its capabilities to steal crypto wallet data, swap crypto addresses present in the clipboard, find and upload document files, exfiltrate data through SMTP and the Telegram Bot API, as well as anti-analysis/anti-VM tactics” |
Malware
Guideline
|
|
|