Overview

overview

10

Static

static

swift.exe

windows7-x64

10

swift.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    swift.exe

  • Size

    714KB

  • Sample

    220831-jwjkhsbcdk

  • MD5

    3512514972b6f3d79491a5ded8617788

  • SHA1

    ba6548c7bf1227b05278dc2372a91347d7d100c3

  • SHA256

    fdeafb2bf6cc3d798d2fa099f3619d096f17a57b89172020922c2a63f48d8aeb

  • SHA512

    d638dc0bbd6b81053ed9cd58b7a276801748586a6039371f1a039399e0794a97758011e7bec08bfe7ec5ed25ad229e3d0273cae3b152d37133bb5f9a7b336e18

  • SSDEEP

    12288:a6HZX/QV280RF75ehGBEnuaDDhvJun2zro8b4p00zyIZPzHC2:aUGM80RZ5j8ucFRqQr1b5IVHC2

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      swift.exe

    • Size

      714KB

    • MD5

      3512514972b6f3d79491a5ded8617788

    • SHA1

      ba6548c7bf1227b05278dc2372a91347d7d100c3

    • SHA256

      fdeafb2bf6cc3d798d2fa099f3619d096f17a57b89172020922c2a63f48d8aeb

    • SHA512

      d638dc0bbd6b81053ed9cd58b7a276801748586a6039371f1a039399e0794a97758011e7bec08bfe7ec5ed25ad229e3d0273cae3b152d37133bb5f9a7b336e18

    • SSDEEP

      12288:a6HZX/QV280RF75ehGBEnuaDDhvJun2zro8b4p00zyIZPzHC2:aUGM80RZ5j8ucFRqQr1b5IVHC2

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks