blustealer | e020b424ea22cc6206b882a18f6d1e5e39499982e96bc2dfc9bd461e03d40149 | Triage

Submit
Reports

Overview

overview

Static

static

Request Fo...df.exe

windows7-x64

Request Fo...df.exe

windows10-2004-x64

Sharing

General

Target

Request For Quotation And Sample.pdf.exe
Size

188KB
Sample

220726-rtspeaadfj
MD5

c5fac65456d0cf57baa56f43b6935ac6
SHA1

f0128eb5a26160c60a5f41cf1987b34456f21e4c
SHA256

e020b424ea22cc6206b882a18f6d1e5e39499982e96bc2dfc9bd461e03d40149
SHA512

602d4cba9760f5592dfb19fe25eba9fcdb15717977404c602bb56e44e887a3823243a8cf33dfa0f86c217b8289840040cc92d41c19e7424be38269774ab051cd

Score

10^/10

blustealer stormkitty collection persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Request For Quotation And Sample.pdf.exe

Resource

win7-20220718-en

blustealer stormkitty collection persistence spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Request For Quotation And Sample.pdf.exe

Resource

win10v2004-20220721-en

blustealer stormkitty collection stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Request For Quotation And Sample.pdf.exe
- Size
  
  188KB
- MD5
  
  c5fac65456d0cf57baa56f43b6935ac6
- SHA1
  
  f0128eb5a26160c60a5f41cf1987b34456f21e4c
- SHA256
  
  e020b424ea22cc6206b882a18f6d1e5e39499982e96bc2dfc9bd461e03d40149
- SHA512
  
  602d4cba9760f5592dfb19fe25eba9fcdb15717977404c602bb56e44e887a3823243a8cf33dfa0f86c217b8289840040cc92d41c19e7424be38269774ab051cd
Score

10^/10

blustealer stormkitty collection persistence spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionpersistencespywarestealer

behavioral2

blustealerstormkittycollectionstealer

© 2018-2025

Terms | Privacy