blustealer | 3082e3092bb33be6fe12afd5df501b83b82c0f6046e4ef0f60bfb2cd3291c002 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

doc 202207...df.exe

windows7-x64

doc 202207...df.exe

windows10-2004-x64

Sharing

General

Target

doc 20220726 009910 984993.pdf.exe
Size

900KB
Sample

220801-jsn1tsfcgk
MD5

e5bccfe4fba287ecb2d35ae166de15c8
SHA1

c308ec8b89f71d5816810ae55780152c255a1914
SHA256

3082e3092bb33be6fe12afd5df501b83b82c0f6046e4ef0f60bfb2cd3291c002
SHA512

07bd84ca40611f94b4c32f610a28e18c3c52639b67865bdfee98699afb2b14305da5b2e3d7115481b313a1de91f683fe2cb4997d7f2d6c9e7ac4e978baf8631a

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

doc 20220726 009910 984993.pdf.exe

Resource

win7-20220718-en

blustealer stormkitty collection stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

doc 20220726 009910 984993.pdf.exe

Resource

win10v2004-20220721-en

blustealer stormkitty collection stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  doc 20220726 009910 984993.pdf.exe
- Size
  
  900KB
- MD5
  
  e5bccfe4fba287ecb2d35ae166de15c8
- SHA1
  
  c308ec8b89f71d5816810ae55780152c255a1914
- SHA256
  
  3082e3092bb33be6fe12afd5df501b83b82c0f6046e4ef0f60bfb2cd3291c002
- SHA512
  
  07bd84ca40611f94b4c32f610a28e18c3c52639b67865bdfee98699afb2b14305da5b2e3d7115481b313a1de91f683fe2cb4997d7f2d6c9e7ac4e978baf8631a
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionstealer

behavioral2

blustealerstormkittycollectionstealer

© 2018-2025

Terms | Privacy