Overview

overview

10

Static

static

Ziraat Ban...aj.exe

windows7-x64

10

Ziraat Ban...aj.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ziraat Bankas Swift Mesaj.exe

  • Size

    434KB

  • Sample

    220728-tdpnxshah6

  • MD5

    49a315adc23495aea8ed27cfb1e74b2d

  • SHA1

    df976bb5c6b4a444275bc45b863ef4e8e99c360e

  • SHA256

    4355bf421266b0e7eafb3de8975d4aa925363c3adfe167fa550dcf02e56b6a64

  • SHA512

    23d409c3638b592d94bb8dce46039a45870b79ec015892e7bf8a5892cc47d439f04cbfa4cdf7eab69619645e913c5793d15c22a349d3549e624145739943e706

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      Ziraat Bankas Swift Mesaj.exe

    • Size

      434KB

    • MD5

      49a315adc23495aea8ed27cfb1e74b2d

    • SHA1

      df976bb5c6b4a444275bc45b863ef4e8e99c360e

    • SHA256

      4355bf421266b0e7eafb3de8975d4aa925363c3adfe167fa550dcf02e56b6a64

    • SHA512

      23d409c3638b592d94bb8dce46039a45870b79ec015892e7bf8a5892cc47d439f04cbfa4cdf7eab69619645e913c5793d15c22a349d3549e624145739943e706

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Downloads MZ/PE file

    • Drops startup file

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks