General

  • Target

    fatura.exe

  • Size

    723KB

  • Sample

    220825-nte7jacdfk

  • MD5

    cc54952e86597e81dc31e6e726b41fbd

  • SHA1

    1f0020ef077096b0e01f38aec4c2902a2dfe7d9d

  • SHA256

    2db92360a5d32dd3761be21606b76a93a201e8f984198ae8f3fd3fee12759b39

  • SHA512

    57d310b056f06cefa46c7ae18998958dcbe2ab96aa3b03f11f2a2cc0dc3e0c5c32eb81ea7ccd149f2d482a11ccd0edc2c1982d785fa96dd597540e222a56f6d0

  • SSDEEP

    12288:siCQy/iT/0e5hz9bH2iNKT/0e5hz9bdihUj8fnLFg4vOq7hyTR6lxFhrxKo7/k6R:JCgT/0shbH1IT/0shbdWUj8fh2q70Nuk
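
The digests listed above are what a reader uses to confirm that a locally obtained file is the same sample the report describes. The following script is an added example, not part of the original report or of any sandbox vendor's tooling: it recomputes MD5, SHA1, SHA256 and SHA512 for a file path you supply and compares them with the values from this page. SSDEEP is a fuzzy hash that the standard library cannot compute, so it is deliberately left out; the exact cryptographic digests are the ones to match. The file path, the chunk size and the helper names are assumptions of this example.

```python
"""Verify a local sample against the digests in the sandbox report above.

Added example, not part of the original report. The REPORT values are copied
from the page; everything else (function names, chunk size) is illustrative.
SSDEEP is omitted because it needs the third-party `ssdeep` package.
"""
import hashlib
from pathlib import Path

# Digests copied from the report for fatura.exe.
REPORT = {
    "md5": "cc54952e86597e81dc31e6e726b41fbd",
    "sha1": "1f0020ef077096b0e01f38aec4c2902a2dfe7d9d",
    "sha256": "2db92360a5d32dd3761be21606b76a93a201e8f984198ae8f3fd3fee12759b39",
    "sha512": (
        "57d310b056f06cefa46c7ae18998958dcbe2ab96aa3b03f11f2a2cc0dc3e0c5c"
        "32eb81ea7ccd149f2d482a11ccd0edc2c1982d785fa96dd597540e222a56f6d0"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data):
    """Return lowercase hex digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digests(path, chunk_size=1 << 20):
    """Return lowercase hex digests of a file, read in chunks so a large
    sample never has to fit in memory. All four hashers share one pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual, expected=REPORT):
    """Map each algorithm in `expected` to True/False. Comparison is
    case-insensitive because reports and tools disagree on hex casing."""
    return {name: actual[name].lower() == value.lower() for name, value in expected.items()}


def verify(path, expected=REPORT):
    """True only if every digest listed in `expected` matches the file.
    A single mismatch means it is a different file (or a corrupted copy)."""
    return all(compare(digests(path), expected).values())


if __name__ == "__main__":
    import sys

    sample = Path(sys.argv[1]) if len(sys.argv) > 1 else Path("fatura.exe")  # assumed path
    for name, ok in compare(digests(sample)).items():
        print(f"{name:6} {'match' if ok else 'MISMATCH'}")
    print("verified" if verify(sample) else "NOT the reported sample")
```

Quote SHA256 when sharing the indicator; MD5 and SHA1 are listed by most sandboxes for lookup compatibility, not because they are collision-resistant.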

Malware Config

Targets

    • Target

      fatura.exe

    • Size

      723KB

    • MD5

      cc54952e86597e81dc31e6e726b41fbd

    • SHA1

      1f0020ef077096b0e01f38aec4c2902a2dfe7d9d

    • SHA256

      2db92360a5d32dd3761be21606b76a93a201e8f984198ae8f3fd3fee12759b39

    • SHA512

      57d310b056f06cefa46c7ae18998958dcbe2ab96aa3b03f11f2a2cc0dc3e0c5c32eb81ea7ccd149f2d482a11ccd0edc2c1982d785fa96dd597540e222a56f6d0

    • SSDEEP

      12288:siCQy/iT/0e5hz9bH2iNKT/0e5hz9bdihUj8fnLFg4vOq7hyTR6lxFhrxKo7/k6R:JCgT/0shbH1IT/0shbdWUj8fh2q70Nuk

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open-source information stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
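
The behavioural signatures listed above (location check, Outlook profile access, external IP lookup, suspicious SetThreadContext) are each a pattern over the API trace the sandbox recorded. The script below is an added example, not the sandbox vendor's rule logic and not code from the sample: it reimplements the four checks over a constructed event trace so the reader can see what each one keys on. The event shape `(pid, api, args)`, the registry paths, the list of IP-lookup hostnames and the `CREATE_SUSPENDED` hollowing sequence are assumptions of this example; a real trace format will differ.

```python
"""Reimplementation of four sandbox behaviour signatures over a constructed
API trace. Added example; not the sandbox's own rules and not from the sample.
Event format, key paths and hostnames are assumptions for illustration.
"""
import re
from urllib.parse import urlparse

CREATE_SUSPENDED = 0x4  # CreateProcess dwCreationFlags bit

# Constructed trace: a loader (pid 1234) hollows a suspended child (pid 1300),
# which then runs the stealer behaviours. Values are made up for the example.
TRACE = [
    (1234, "CreateProcessW", {"image": r"C:\Windows\System32\RegAsm.exe",
                              "flags": CREATE_SUSPENDED, "child_pid": 1300}),
    (1234, "NtUnmapViewOfSection", {"pid": 1300}),
    (1234, "WriteProcessMemory", {"pid": 1300, "size": 0x2A000}),
    (1234, "SetThreadContext", {"pid": 1300, "tid": 1304}),
    (1234, "ResumeThread", {"pid": 1300, "tid": 1304}),
    (1300, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo\Nation",
                                "value": "Nation"}),
    (1300, "InternetOpenUrlW", {"url": "https://api.ipify.org/"}),
    (1300, "RegOpenKeyExW", {"key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"}),
]

# Windows stores the configured GeoID under this key (assumed signature key).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# Outlook profile roots for Office 2013+ and for older MAPI profiles (assumed).
OUTLOOK_PROFILES = re.compile(
    r"\\(Software\\Microsoft\\Office\\\d+\.\d+\\Outlook"
    r"|Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem)\\Profiles",
    re.I,
)
# Public "what is my IP" services; an illustrative list, not an exhaustive one.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "icanhazip.com",
                   "checkip.dyndns.org", "ipinfo.io", "ifconfig.me"}
HTTP_APIS = {"InternetOpenUrlW", "InternetOpenUrlA", "WinHttpOpenRequest", "HttpOpenRequestW"}


def checks_location(trace):
    """Any registry read of the GeoID value -> location/geofence check."""
    return any(api.startswith("Reg") and GEO_KEY.search(a.get("key", ""))
               for _, api, a in trace)


def accesses_outlook_profiles(trace):
    """Any registry access under an Outlook profile root."""
    return any(api.startswith("Reg") and OUTLOOK_PROFILES.search(a.get("key", ""))
               for _, api, a in trace)


def looks_up_external_ip(trace):
    """An HTTP request whose hostname is a known public IP-echo service."""
    for _, api, a in trace:
        if api in HTTP_APIS and urlparse(a.get("url", "")).hostname in IP_LOOKUP_HOSTS:
            return True
    return False


def suspicious_setthreadcontext(trace):
    """SetThreadContext aimed at a thread of a different process that this
    process created suspended and wrote into: the process-hollowing sequence.
    A process changing the context of its own threads is not flagged."""
    suspended, written = set(), set()
    for pid, api, a in trace:
        if api.startswith("CreateProcess") and a.get("flags", 0) & CREATE_SUSPENDED:
            suspended.add(a["child_pid"])
        elif api == "WriteProcessMemory" and a["pid"] != pid:
            written.add(a["pid"])
        elif api == "SetThreadContext" and a["pid"] != pid:
            if a["pid"] in suspended and a["pid"] in written:
                return True
    return False


SIGNATURES = {
    "Checks computer location settings": checks_location,
    "Accesses Microsoft Outlook profiles": accesses_outlook_profiles,
    "Looks up external IP address via web service": looks_up_external_ip,
    "Suspicious use of SetThreadContext": suspicious_setthreadcontext,
}


def run_signatures(trace):
    """Evaluate every signature; returns {signature name: bool}."""
    return {name: fn(trace) for name, fn in SIGNATURES.items()}


if __name__ == "__main__":
    for name, hit in run_signatures(TRACE).items():
        print(f"[{'x' if hit else ' '}] {name}")
```

The SetThreadContext rule is deliberately stateful: the call alone is legitimate (debuggers and some runtimes use it), so the rule requires the suspended-create and cross-process write that precede it in hollowing. The external-IP rule matches on hostname rather than URL substring, which avoids false hits on unrelated paths that merely contain an "ip" string.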

MITRE ATT&CK Enterprise v6

Tasks