Overview

overview

10

Static

static

doc 270088...df.exe

windows7-x64

10

doc 270088...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    doc 27008875424678 001.pdf.exe

  • Size

    612KB

  • Sample

    220727-p71k3aeaem

  • MD5

    e439e9fd2d06802bc8aba7114efeb276

  • SHA1

    a158391f5f8bdd683852dc95c1bc144852f38a02

  • SHA256

    67b1c9f9637d8c16e2966babd6b7a06c2396cbc918b31c0649adf61b7a2a7778

  • SHA512

    4aef174be589396ac8b2fbc6eb02b13378b62a5d75659a67c14af83f6a00248450a9e641cd52cadc9e83394db10bc44673de387380a46618c9e61e813bfbfef8

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      doc 27008875424678 001.pdf.exe

    • Size

      612KB

    • MD5

      e439e9fd2d06802bc8aba7114efeb276

    • SHA1

      a158391f5f8bdd683852dc95c1bc144852f38a02

    • SHA256

      67b1c9f9637d8c16e2966babd6b7a06c2396cbc918b31c0649adf61b7a2a7778

    • SHA512

      4aef174be589396ac8b2fbc6eb02b13378b62a5d75659a67c14af83f6a00248450a9e641cd52cadc9e83394db10bc44673de387380a46618c9e61e813bfbfef8

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks