blustealer | 1d9598ad9d7e41bd0513c7d263c805fb0598f18c7c69e3997bd109c1e058f212 | Triage

Submit
Reports

Overview

overview

Static

static

Doc8997809...df.exe

windows7-x64

Doc8997809...df.exe

windows10-2004-x64

Sharing

General

Target

Doc899780979080888.pdf.exe
Size

710KB
Sample

220727-gs3g4sahcn
MD5

1156288fa7b4504d394e7006ce7eb902
SHA1

75225ebadb39e96e97c5a0c859ae6044f873a524
SHA256

1d9598ad9d7e41bd0513c7d263c805fb0598f18c7c69e3997bd109c1e058f212
SHA512

92a7cdb3242dad94e9f0c2bcb72cfeec17817e98c7485798e572a2cac8cf3ad48e069f425a03684fa9705c53332dee3433cc358b89da43103fb9bf0cf4457076

Score

10^/10

blustealer stormkitty collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Doc899780979080888.pdf.exe

Resource

win7-20220718-en

blustealer stormkitty collection spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

Doc899780979080888.pdf.exe

Resource

win10v2004-20220721-en

blustealer stormkitty collection spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Doc899780979080888.pdf.exe
- Size
  
  710KB
- MD5
  
  1156288fa7b4504d394e7006ce7eb902
- SHA1
  
  75225ebadb39e96e97c5a0c859ae6044f873a524
- SHA256
  
  1d9598ad9d7e41bd0513c7d263c805fb0598f18c7c69e3997bd109c1e058f212
- SHA512
  
  92a7cdb3242dad94e9f0c2bcb72cfeec17817e98c7485798e572a2cac8cf3ad48e069f425a03684fa9705c53332dee3433cc358b89da43103fb9bf0cf4457076
Score

10^/10

blustealer stormkitty collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionspywarestealer

behavioral2

blustealerstormkittycollectionspywarestealer

© 2018-2025

Terms | Privacy