BluStealer: from SpyEx to ThunderFox - Avast Threat Labs
Common Information
Type Value
UUID 77b6ca0c-bb60-426b-afef-458bb4025764
Fingerprint a4584e12ea6783e5
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 20, 2021, 5:06 p.m.
Added to db Sept. 11, 2022, 12:39 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline BluStealer: from SpyEx to ThunderFox
Title BluStealer: from SpyEx to ThunderFox - Avast Threat Labs
Detected Hints/Tags/Attributes 57/2/71
Source URLs
Attributes
Type                  #Events  Value
Domain                    285  microsoft.net
Domain                   4128  github.com
Domain                      1  cookies.zip
Domain                      2  cryptowallets.zip
Domain                     14  files.zip
Domain                    145  api.telegram.org
Domain                      1  sismode.com
Domain                      4  smtp.1and1.com
Domain                      1  starkgulf.com
Domain                      1  mail.starkgulf.com
Domain                      1  bojtai.club
Domain                      1  mail.bojtai.club
Domain                      1  digitaldirecto.es
Domain                      2  smtp.ionos.es
Domain                   1175  gmail.com
Domain                      1  grandamishabot.ru
Domain                      1  shepherd.myhostcpl.com
Domain                      1  farm-finn.com
Domain                      1  mail.farm-finn.com
Email                       1  andres.galarraga@sismode.com
Email                       1  info@starkgulf.com
Email                       1  etopical@bojtai.club
Email                       1  fernando@digitaldirecto.es
Email                       1  baerbelscheibll1809@gmail.com
Email                       1  dashboard@grandamishabot.ru
Email                       1  shan@farm-finn.com
File                        2  c:\windows\system32\drivers\vmhgfs.sys
File                        1  c:\windows\system32\drivers\vmmemctl.sys
File                        1  c:\windows\system32\drivers\vmmouse.sys
File                        1  c:\windows\system32\drivers\vmrawdsk.sys
File                        2  c:\windows\system32\drivers\vboxmouse.sys
File                        1  c:\windows\system32\drivers\vboxsf.sys
File                        1  c:\windows\system32\drivers\vboxvideo.sys
File                       48  applaunch.exe
File                       83  installutil.exe
File                       15  credentials.txt
File                        1  cookies.zip
File                        2  cryptowallets.zip
File                       15  files.zip
File                        1  chrom.exe
File                        1  paint.exe
File                      380  notepad.exe
File                        1  ruleslistener.inc
Github username             1  v1v1
Github username             1  elysian01
Github username             1  swagkarna
Github username             1  lclevy
Github username            12  avast
sha256                      1  19595e11dbccfbfeb9560e36e623f35ab78bb7b3ce412e14b9e52d316fbc7acc
sha256                      1  af43ec8096757291c50b8278631829c8aca13649d15f5c7d36b69274a76efdac
sha256                      1  678e9028caccb74ee81779c5dd6627fb6f336b2833e9a99c4099898527b0d481
sha256                      1  3151ddec325ffc6269e6704d04ef206d62bba338f50a4ea833740c4b6fe770ea
sha256                      1  49da8145f85c63063230762826aa8d85d80399454339e47f788127dafc62ac22
sha256                      1  7abe87a6b675d3601a4014ac6da84392442159a68992ce0b24e709d4a1d20690
sha256                      1  ae29f49fa80c1a4fb2876668aa38c8262dd213fa09bf56ee6c4caa5d52033ca1
sha256                      1  35d443578b1eb0708d334d3e1250f68550a5db4d630f1813fed8e2fc58a2c6d0
sha256                      1  097d0d1119fb73b1beb9738d7e82e1c73ab9c89a4d9b8aeed35976c76d4bad23
sha256                      1  c783bdf31d6ee3782d05fde9e87f70e9f3a9b39bf1684504770ce02f29d5b7e1
sha256                      1  42fe72df91aa852b257cc3227329eb5bf4fce5dabff34cd0093f1298e3b5454e
sha256                      1  1c29ee414b011a411db774015a98a8970bf90c3475f91f7547a16a8946cd5a81
sha256                      1  81bbcc887017cc47015421c38703c9c261e986c3fdcd7fef5ca4c01bcf997007
sha256                      1  6956ea59b4a70d68cd05e6e740598e76e1205b3e300f65c5eba324bebb31d7e8
sha256                      1  6322ebb240ba18119193412e0ed7b325af171ec9ad48f61ce532cc120418c8d5
sha256                      1  9f2bfedb157a610b8e0b481697bb28123a5eabd2df64b814007298dffd5e65ac
sha256                      1  e2dd1be91c6db4b52eab38b5409b39421613df0999176807d0a995c846465b38
Url                        33  https://api.telegram.org/bot
Url                         1  https://github.com/avast/ioc/tree/master/blustealer
Windows Registry Key        1  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\chrom
Windows Registry Key        1  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\paint
Windows Registry Key       10  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Windows Registry Key       11  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell

Notes on using these indicators: #Events is the number of reports in this database that carry the same value, so a high count marks a generic artefact rather than a strong indicator. cookies.zip, cryptowallets.zip and files.zip are listed under Domain only because the extractor read the .zip suffix as a top-level domain; they are the staging archives that also appear under File. microsoft.net, github.com and gmail.com are generic domains, installutil.exe and applaunch.exe are legitimate .NET Framework binaries and notepad.exe is a stock Windows tool, so a match on any of these names alone is not evidence of BluStealer. The two Explorer\User and Explorer\Shell entries are key prefixes as listed here, not complete value paths. The strongest host-based indicators in the table are the Run values named chrom and paint paired with the dropped chrom.exe and paint.exe, the credentials.txt and *.zip staging files, and the 17 SHA-256 sample hashes; api.telegram.org and the SMTP hosts/sender addresses are the exfiltration channels and should be correlated with those rather than blocked outright.
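The following hunt script is an added example, not code from Avast's report or from the IOC repository linked above. It takes the indicators from the table (exfiltration hosts, the chrom/paint Run values, the VMware/VirtualBox driver files used for sandbox detection, the staging file names and two of the sample hashes) and runs them over endpoint telemetry, then correlates hits per process so that weak indicators such as a connection to a shared SMTP provider or a single driver lookup only count alongside stronger ones. The `kind|process|target` event format, the sample events, and the threshold of three driver probes are assumptions made for the demo; the sample events are constructed and are not real logs. The generic entries from the table (microsoft.net, github.com, gmail.com, the .NET host binaries) are deliberately left out of the match sets.

```python
"""Hunt for BluStealer indicators in exported endpoint telemetry.

Added example, not code from Avast's report or IOC repository. Indicators are
copied from the table above; the event format, sample events and thresholds
are assumptions made for this demo.
"""
import re
from collections import defaultdict

# Exfiltration endpoints from the table: the Telegram Bot API host plus the
# SMTP hosts and domains tied to the listed sender addresses. The generic
# domains in the table (microsoft.net, github.com, gmail.com) are excluded.
EXFIL_HOSTS = {
    "api.telegram.org", "smtp.1and1.com", "smtp.ionos.es",
    "sismode.com", "starkgulf.com", "mail.starkgulf.com",
    "bojtai.club", "mail.bojtai.club", "digitaldirecto.es",
    "grandamishabot.ru", "shepherd.myhostcpl.com",
    "farm-finn.com", "mail.farm-finn.com",
}

# Persistence: HKCU ...\Run values named "chrom" and "paint" (the table also
# lists chrom.exe and paint.exe as dropped files).
RUN_VALUE_NAMES = {"chrom", "paint"}
RUN_KEY_RE = re.compile(
    r"^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\([^\\]+)$",
    re.IGNORECASE,
)

# VMware/VirtualBox driver files probed for sandbox detection. A single lookup
# is noise (backup agents, inventory tools), so require several per process.
VM_DRIVERS = {"vmhgfs.sys", "vmmemctl.sys", "vmmouse.sys", "vmrawdsk.sys",
              "vboxmouse.sys", "vboxsf.sys", "vboxvideo.sys"}
VM_PROBE_THRESHOLD = 3  # assumption; tune for your environment

# Staging artefacts written before exfiltration.
STAGING_FILES = {"credentials.txt", "cookies.zip", "cryptowallets.zip", "files.zip"}

# Two of the seventeen SHA-256 sample hashes from the table (add the rest).
KNOWN_HASHES = {
    "19595e11dbccfbfeb9560e36e623f35ab78bb7b3ce412e14b9e52d316fbc7acc",
    "af43ec8096757291c50b8278631829c8aca13649d15f5c7d36b69274a76efdac",
}

# Constructed sample telemetry, NOT real logs. One event per line: kind|process|target.
SAMPLE_EVENTS = [
    r"FileQuery|InstallUtil.exe|C:\Windows\System32\drivers\vmhgfs.sys",
    r"FileQuery|InstallUtil.exe|C:\Windows\System32\drivers\vmmouse.sys",
    r"FileQuery|InstallUtil.exe|C:\Windows\System32\drivers\vboxmouse.sys",
    r"RegistrySet|InstallUtil.exe|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\chrom",
    r"FileCreate|InstallUtil.exe|C:\Users\alice\AppData\Local\Temp\files.zip",
    r"NetConnect|InstallUtil.exe|api.telegram.org",
    r"Hash|InstallUtil.exe|19595e11dbccfbfeb9560e36e623f35ab78bb7b3ce412e14b9e52d316fbc7acc",
    r"NetConnect|chrome.exe|github.com",                               # generic domain, no hit
    r"FileQuery|svchost.exe|C:\Windows\System32\drivers\vboxsf.sys",  # one probe, below threshold
]


def basename(path):
    """Lower-cased final path component, accepting either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def scan(events):
    """Return (category, process, detail) findings for a list of event lines."""
    findings = []
    vm_probes = defaultdict(set)
    for line in events:
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # malformed line; skip rather than abort the hunt
        kind, proc, target = parts
        proc = proc.lower()
        if kind == "NetConnect" and target.lower() in EXFIL_HOSTS:
            findings.append(("exfil-host", proc, target))
        elif kind == "RegistrySet":
            m = RUN_KEY_RE.match(target)
            if m and m.group(1).lower() in RUN_VALUE_NAMES:
                findings.append(("run-key-persistence", proc, target))
        elif kind == "FileCreate" and basename(target) in STAGING_FILES:
            findings.append(("staging-file", proc, target))
        elif kind == "FileQuery" and basename(target) in VM_DRIVERS:
            vm_probes[proc].add(basename(target))
        elif kind == "Hash" and target.lower() in KNOWN_HASHES:
            findings.append(("known-sample-hash", proc, target))
    for proc, drivers in vm_probes.items():
        if len(drivers) >= VM_PROBE_THRESHOLD:
            findings.append(("vm-detection-probe", proc, ", ".join(sorted(drivers))))
    return findings


def suspicious_processes(findings, min_categories=2):
    """Processes that hit at least `min_categories` distinct indicator classes."""
    by_proc = defaultdict(set)
    for category, proc, _ in findings:
        by_proc[proc].add(category)
    return sorted(p for p, cats in by_proc.items() if len(cats) >= min_categories)


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(*finding, sep="  ")
    print("suspicious:", suspicious_processes(scan(SAMPLE_EVENTS)))
```

On the sample input the script reports InstallUtil.exe on five indicator classes and nothing for chrome.exe or svchost.exe. Correlating per process is the point: an SMTP provider such as smtp.ionos.es or a lone read of vboxsf.sys is unremarkable on its own, but the same process setting a Run value named chrom, writing files.zip and then contacting api.telegram.org is the BluStealer pattern the table describes.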