Overview

overview

10

Static

static

346277a4a4...53.exe

windows7-x64

10

346277a4a4...53.exe

windows10-2004-x64

10

Resubmissions

30-08-2022 19:48

220830-yjjr3sffgk 10

30-08-2022 19:47

220830-yhqh8sffdn 10

30-08-2022 18:54

220830-xj8krsdggl 10

30-08-2022 18:49

220830-xgb4safbh4 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    346277a4a4b0582ad1e74421617c8d1c33708c0a3803ff2b56ab7bc3af0d7c53.zip

  • Size

    785KB

  • Sample

    220830-xj8krsdggl

  • MD5

    3193ef11e27f855e70bb4c12fe25a4f9

  • SHA1

    4635517613a9d01ab59e35eafec6e99cfc111410

  • SHA256

    013df4f0d833c4efa3faff7ac1ac571159d8843116a095beaab79651490b0f75

  • SHA512

    934eaa18c9e50cc43f440bd4b0492258ab662b71f43bf0f3cc108b4448da6307bcbb0b990826b4687800caf518f1a7d7ecf95dc4219c7d380278bf3e3671c19b

  • SSDEEP

    12288:J3rSztdqsuEIFnqecQS+1jLZlLew/Iqz1eRuhLUrh7hO/XWMy7WtWemeLulcIfmy:psHVp2jbzz4RuhchO/XWLWtmeL+c+D

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      346277a4a4b0582ad1e74421617c8d1c33708c0a3803ff2b56ab7bc3af0d7c53.exe

    • Size

      924KB

    • MD5

      6b2874b71838bb35b1bbf5394322cf2a

    • SHA1

      e9f112a2cd8af4359d3833c59421b89dde2f52dd

    • SHA256

      346277a4a4b0582ad1e74421617c8d1c33708c0a3803ff2b56ab7bc3af0d7c53

    • SHA512

      4c315bbc83e1bc418d3bbbc6212a0c42d4aa4b73b4bf8c9f9bc7244b7fc833c5baa105b5c983383720cd04b415fa07d881857daf4efce028c21f947b8ecd261b

    • SSDEEP

      12288:sjVF75eQyMCHA4bPgkgPwqoXYkCkgrQlU2h3Wqzqqj3rZ8D8R/7pkqIwpq:kZ50MEZXYkCTQlU2VWqz9NWA/7R0

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks