BluStealer arrives in Italy: how the malware that steals passwords, credit cards, e-mails and cryptocurrencies is built
Common Information
Type Value
UUID a9ebb36b-8ef1-47ac-86ae-63085f26a913
Fingerprint d1c374ebd086c67
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 6, 2022, midnight
Added to db Jan. 16, 2023, 3:53 p.m.
Last updated Nov. 17, 2024, 6:31 p.m.
Headline CERT-AGID Computer Emergency Response Team AGID
Title BluStealer arrives in Italy: how the malware that steals passwords, credit cards, e-mails and cryptocurrencies is built
Detected Hints/Tags/Attributes 61/1/50
Attributes