General

  • Target

    3881d65229a90b52002e7368d6d773aa

  • Size

    96KB

  • Sample

    220811-xrvzmsbbek

  • MD5

    3881d65229a90b52002e7368d6d773aa

  • SHA1

    818e43f4287e07122e95f7fef62da018f098c440

  • SHA256

    f6fe8be101673d1d50154bee3058e8369b476aef3087e4ab33d306f0ef02c384

  • SHA512

    3196e6753b10bd0d1ecf3b71f452089326b910e8f1b80921fe1e67181ea06c32ed2b55520be73fa310650b6c0b7767db4c2be496ad6b919e1cdba4339fdec0be

Malware Config

Targets

    • Target

      Proof_Of_Payment.exe

    • Size

      9KB

    • MD5

      31b0e183c76c3abca004ca61889690b2

    • SHA1

      65f30d8010385d7062eca3269d8c52fc9fcc2e09

    • SHA256

      4947ed5a393e7e294356cc60e17ce523b05ffc7774c1cd4bac128a0b83ecec22

    • SHA512

      314f614e825eed5a24fc3a7d21047d3223902c7ca136b1c61a7d9062093ff69147979eaf1406b0ebe709deba4926e19aecb6900659fa3371b28b35cfc3a095dc

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks