Overview

overview

10

Static

static

Halkbank,.pdf.exe

windows7-x64

10

Halkbank,.pdf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Halkbank,.pdf.exe

  • Size

    628KB

  • Sample

    220804-ktap9schf6

  • MD5

    a63e6e9c58e82cce53442ebacb9fb399

  • SHA1

    b82363c41eea39a1db51c2ac9bff713dfac171e7

  • SHA256

    ec8fddcd3c310a14168754ee1965cfb5c7d7c86360a146c1da4c042afb551dda

  • SHA512

    a69cb143ca04b34657421ccc366eb70a752d13e8cc363398486ec6f1abefa8032c156b7abfb38f7a9cc885f8410c835f9f945b515d75384325a7d1e800e7adc7

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      Halkbank,.pdf.exe

    • Size

      628KB

    • MD5

      a63e6e9c58e82cce53442ebacb9fb399

    • SHA1

      b82363c41eea39a1db51c2ac9bff713dfac171e7

    • SHA256

      ec8fddcd3c310a14168754ee1965cfb5c7d7c86360a146c1da4c042afb551dda

    • SHA512

      a69cb143ca04b34657421ccc366eb70a752d13e8cc363398486ec6f1abefa8032c156b7abfb38f7a9cc885f8410c835f9f945b515d75384325a7d1e800e7adc7

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks