blustealer | 98d37790e570afd49b7a00192019f6c9e7c84e96069da4daa1b64a6cc88695a8 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

98d37790e570afd49b7a00192019f6c9e7c84e96069da4daa1b64a6cc88695a8
Size

406KB
Sample

220817-gs8zwsbdhj
MD5

2bb1aa0fd3ba10b9da58570bdf755402
SHA1

a31cb26e9cd88c0a26b576aa4f185ed5f5135fb4
SHA256

98d37790e570afd49b7a00192019f6c9e7c84e96069da4daa1b64a6cc88695a8
SHA512

2cba6e41ad6978ea4914e52823d1af6c0372933eba71bc7e2ad4fd732a8c4ed905418ec0f7507835bacc81121e9784703239a2ce429406e61fd3abfea4901356
SSDEEP

6144:UvEN2U+T6i5LirrllHy4HUcMQY6pdrsX/:GENN+T5xYrllrU7QY6pGv

Score

10^/10

blustealer stormkitty collection evasion persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

98d37790e570afd49b7a00192019f6c9e7c84e96069da4daa1b64a6cc88695a8.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection evasion persistence stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  98d37790e570afd49b7a00192019f6c9e7c84e96069da4daa1b64a6cc88695a8
- Size
  
  406KB
- MD5
  
  2bb1aa0fd3ba10b9da58570bdf755402
- SHA1
  
  a31cb26e9cd88c0a26b576aa4f185ed5f5135fb4
- SHA256
  
  98d37790e570afd49b7a00192019f6c9e7c84e96069da4daa1b64a6cc88695a8
- SHA512
  
  2cba6e41ad6978ea4914e52823d1af6c0372933eba71bc7e2ad4fd732a8c4ed905418ec0f7507835bacc81121e9784703239a2ce429406e61fd3abfea4901356
- SSDEEP
  
  6144:UvEN2U+T6i5LirrllHy4HUcMQY6pdrsX/:GENN+T5xYrllrU7QY6pGv
Score

10^/10

blustealer stormkitty collection evasion persistence stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionevasionpersistencestealer

© 2018-2025

Terms | Privacy