Overview

overview

10

Static

static

812e860ce5...af.exe

windows7-x64

10

812e860ce5...af.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    812e860ce5f169fed3c366dc9781e342e6c4da50e997c051e3788621ef71b6af.exe

  • Size

    763KB

  • Sample

    220804-f8x2wsbdc5

  • MD5

    99a852e331165dac3b18906d680ddde1

  • SHA1

    65f711d7a0c894caa4fcca0001ebe903bc479d35

  • SHA256

    812e860ce5f169fed3c366dc9781e342e6c4da50e997c051e3788621ef71b6af

  • SHA512

    d72b76890b6e00e900ddd33cf553512f92a212c59fcba3ac92887a162d0355e3f89f5649c514d492146801a8370237be3669fd2de892fe10a3219050a23c3652

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      812e860ce5f169fed3c366dc9781e342e6c4da50e997c051e3788621ef71b6af.exe

    • Size

      763KB

    • MD5

      99a852e331165dac3b18906d680ddde1

    • SHA1

      65f711d7a0c894caa4fcca0001ebe903bc479d35

    • SHA256

      812e860ce5f169fed3c366dc9781e342e6c4da50e997c051e3788621ef71b6af

    • SHA512

      d72b76890b6e00e900ddd33cf553512f92a212c59fcba3ac92887a162d0355e3f89f5649c514d492146801a8370237be3669fd2de892fe10a3219050a23c3652

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks