blustealer | 6731f235ff78e22e5a0f1503542926bb707a95251b8cbd22c56fbd7fc5a8cbbf | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

6731f235ff78e22e5a0f1503542926bb707a95251b8cbd22c56fbd7fc5a8cbbf
Size

406KB
Sample

220809-t758rsdbal
MD5

45061e4da841c2587d0890148705a142
SHA1

eb68218c1d70f3ba00f8190c8171ad1cfa2fb42a
SHA256

6731f235ff78e22e5a0f1503542926bb707a95251b8cbd22c56fbd7fc5a8cbbf
SHA512

01a561bbb8418364078e4751e69a5d61075220cfbaa7582a0b664ccc1fd45b6dd1accc4ef3dd2b2e6b0dc1a99d9e5f5605ee453eb6c1010c28a189109a51c294

Score

10^/10

blustealer stormkitty collection evasion persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6731f235ff78e22e5a0f1503542926bb707a95251b8cbd22c56fbd7fc5a8cbbf.exe

Resource

win10v2004-20220721-en

blustealer stormkitty collection evasion persistence stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  6731f235ff78e22e5a0f1503542926bb707a95251b8cbd22c56fbd7fc5a8cbbf
- Size
  
  406KB
- MD5
  
  45061e4da841c2587d0890148705a142
- SHA1
  
  eb68218c1d70f3ba00f8190c8171ad1cfa2fb42a
- SHA256
  
  6731f235ff78e22e5a0f1503542926bb707a95251b8cbd22c56fbd7fc5a8cbbf
- SHA512
  
  01a561bbb8418364078e4751e69a5d61075220cfbaa7582a0b664ccc1fd45b6dd1accc4ef3dd2b2e6b0dc1a99d9e5f5605ee453eb6c1010c28a189109a51c294
Score

10^/10

blustealer stormkitty collection evasion persistence stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionevasionpersistencestealer

© 2018-2025

Terms | Privacy