blustealer | 87b4cdbfadddf0fb3f57f6d70aae952c2e44f1d426f56ace2ac3447d10303d92 | Triage

Submit
Reports

Overview

overview

Static

static

New Inquiry.exe

windows7-x64

9

New Inquiry.exe

windows10-2004-x64

Sharing

General

Target

New Inquiry.exe
Size

32KB
Sample

220823-qz8r5segcm
MD5

4c80af75e8d9ff6e21153417e57d2874
SHA1

665df68d4bad5d33cc0591ceedd6af500e1baa77
SHA256

87b4cdbfadddf0fb3f57f6d70aae952c2e44f1d426f56ace2ac3447d10303d92
SHA512

606ab2a04fd8730e0b447d7500c1fc5f352b663e5c43eade03f42109dddee61fd9749535d421c9b79552ca7e2cf1addaff4f6ae76dc9f58860242694f712a1c7
SSDEEP

768:w2/ipdSl4AAqxDKwGguTLqTDO5XNVZZb9W+:woipLguTLqvO5Xn9W+

Score

10^/10

blustealer stormkitty collection discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

New Inquiry.exe

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

New Inquiry.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  New Inquiry.exe
- Size
  
  32KB
- MD5
  
  4c80af75e8d9ff6e21153417e57d2874
- SHA1
  
  665df68d4bad5d33cc0591ceedd6af500e1baa77
- SHA256
  
  87b4cdbfadddf0fb3f57f6d70aae952c2e44f1d426f56ace2ac3447d10303d92
- SHA512
  
  606ab2a04fd8730e0b447d7500c1fc5f352b663e5c43eade03f42109dddee61fd9749535d421c9b79552ca7e2cf1addaff4f6ae76dc9f58860242694f712a1c7
- SSDEEP
  
  768:w2/ipdSl4AAqxDKwGguTLqTDO5XNVZZb9W+:woipLguTLqvO5Xn9W+
Score

10^/10

discovery blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

blustealerstormkittycollectionstealer

© 2018-2025

Terms | Privacy