win.blustealer

BluStealer

aka: a310logger

Avast describes this malware as a recombination of other malware, including SpyEx, ThunderFox, ChromeRecovery, StormKitty, and firepwd.

References
2022-05-03, Minerva Labs, Natalie Zargarov
A new BluStealer Loader Uses Direct Syscalls to Evade EDRs
https://blog.minerva-labs.com/a-new-blustealer-loader-uses-direct-syscalls-to-evade-edrs (accessed 2022-05-05)

2021-10-07, Blackberry, The BlackBerry Research & Intelligence Team
Threat Thursday: BluStealer Infostealer
https://blogs.blackberry.com/en/2021/10/threat-thursday-blustealer-infostealer (accessed 2021-10-11)

2021-09-22, GoSecure, GoSecure
GoSecure Titan Labs Technical Report: BluStealer Malware Threat
https://www.gosecure.net/blog/2021/09/22/gosecure-titan-labs-technical-report-blustealer-malware-threat/ (accessed 2021-09-23)

2021-09-20, Avast Decoded, Anh Ho
BluStealer: from SpyEx to ThunderFox
https://decoded.avast.io/anhho/blustealer/ (accessed 2021-09-22)

2021-09-13, Twitter (@GoSecure_Inc), GoSecure
Tweet on BlueStealer
https://twitter.com/GoSecure_Inc/status/1437435265350397957 (accessed 2021-09-22)

There is no YARA signature yet.