Overview

overview

10

Static

static

cc958c7f5b...83.exe

windows7-x64

10

cc958c7f5b...83.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cc958c7f5b0df9478942f85bc4c4d391e14199149a1c443dae217dd288017683

  • Size

    266KB

  • Sample

    220805-k3mq7aadam

  • MD5

    47ac5b93c393ffb0f3451675855ebb15

  • SHA1

    90ebc874f7c47f5e36182c552622c4ca6c284c0a

  • SHA256

    cc958c7f5b0df9478942f85bc4c4d391e14199149a1c443dae217dd288017683

  • SHA512

    484beb7b5f9ea29d138c18ccb1e36e0a9a94156177c1bed68da3fd701340a15388fc10b540e1941c7eb3d925b21c601d9c3528872f835c74f3eb321530f6867d

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      cc958c7f5b0df9478942f85bc4c4d391e14199149a1c443dae217dd288017683

    • Size

      266KB

    • MD5

      47ac5b93c393ffb0f3451675855ebb15

    • SHA1

      90ebc874f7c47f5e36182c552622c4ca6c284c0a

    • SHA256

      cc958c7f5b0df9478942f85bc4c4d391e14199149a1c443dae217dd288017683

    • SHA512

      484beb7b5f9ea29d138c18ccb1e36e0a9a94156177c1bed68da3fd701340a15388fc10b540e1941c7eb3d925b21c601d9c3528872f835c74f3eb321530f6867d

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks