Overview

overview

10

Static

static

MV NEW LON...LE.exe

windows7-x64

10

MV NEW LON...LE.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MV NEW LONDON EAGLE.exe

  • Size

    694KB

  • Sample

    220817-kqe6ksdccn

  • MD5

    eba4d2ae1e21dd2d6d8fffe408d6adbd

  • SHA1

    ec8874543247658819ebd6dfbf8f14c2b4a4f0a3

  • SHA256

    d4480d07c420969d1a3fa0f5520bc27017fca825b45ed625fe10a7f6f6852e84

  • SHA512

    61b468f07f61f4884584831bc0b6c675b4bda274ffeaafc02c1082d72e4b86bda40b55655a99c519ef3368dd033f2f485c9fa84f7be4fcc8cf15950abf299f4b

  • SSDEEP

    12288:otBaV1ki3P+/ScJHm1cFtaikJnZ4lX+3JzT+juwYOqxJlZ:ot4Vui3VIqglXsJ3+jul

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      MV NEW LONDON EAGLE.exe

    • Size

      694KB

    • MD5

      eba4d2ae1e21dd2d6d8fffe408d6adbd

    • SHA1

      ec8874543247658819ebd6dfbf8f14c2b4a4f0a3

    • SHA256

      d4480d07c420969d1a3fa0f5520bc27017fca825b45ed625fe10a7f6f6852e84

    • SHA512

      61b468f07f61f4884584831bc0b6c675b4bda274ffeaafc02c1082d72e4b86bda40b55655a99c519ef3368dd033f2f485c9fa84f7be4fcc8cf15950abf299f4b

    • SSDEEP

      12288:otBaV1ki3P+/ScJHm1cFtaikJnZ4lX+3JzT+juwYOqxJlZ:ot4Vui3VIqglXsJ3+jul

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks