General

  • Target

    gat.exe

  • Size

    601KB

  • Sample

    220831-hcb6nabhb8

  • MD5

    add0d682444f2f406e9dfe65a392e74e

  • SHA1

    08d8d51581a189be5beb3f3bb8886b6af250d170

  • SHA256

    beb46012919018735132f1ca08c31ac870b2be20e97a4b3fac463616c5504fa0

  • SHA512

    eccbd3d740d04c372207af34504258882566c4395395e0795143f492c148e2b58a6d33c812810ba35da68578288299c8cd077bcde9d1fd0ad7febb29be09029c

  • SSDEEP

    12288:9Ou3XDG2/F8/C/QpJQJuGHc55JtsFVwv4h05AhH8XUplgGpsaTo:fG2/m/NJE8XJgV5hQwqNGps3

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP-lookup web service to determine the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6