Overview

overview

10

Static

static

Invoice no. 004.exe

windows7-x64

10

Invoice no. 004.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice no. 004.r01

  • Size

    515KB

  • Sample

    220831-ptljzsecdn

  • MD5

    d881f1b854039ae705aeb2133aeca07a

  • SHA1

    da12ae28410e7aa55aa10e0e7d46b0e06c5ee89d

  • SHA256

    77c6e1965847d0c468be046c2360733a408b0b7641eca5514b5810e2f132eec6

  • SHA512

    fc6bb8386b152f7fd48ae54251076eecdbe0d1956b53eb75a0b1a2e1aa78d93d74951dd132aa2b56ef95a661742e87230ee0223b30caa83c0dbb2d36debf34a3

  • SSDEEP

    12288:+Y6tu0Q6mCUS1mZXBR2yXHQ+OUBdeMqX4Vym7LuIR:+VpjmRSURPOUBdUXmuIR

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      Invoice no. 004.exe

    • Size

      626KB

    • MD5

      5500eeff820e3f9518f14ac32df4e735

    • SHA1

      25af6b1565154eac95865b9db7944b9bbc842493

    • SHA256

      45035676e4441c255385a1436d86540859459f5b1f3105e7a21bc9c07057276c

    • SHA512

      79579fbacb4d138e39b73ccdc0a0dcc5683c7abe55691ca8f35e8c55001fd9d801122b5b9b8a5e5e64fef1e4a6508fd1bf84547bb09cc37a1c9fa6787bb2edef

    • SSDEEP

      12288:zTMyRj2hhIFdlf3VqRc4l75hFILoX8dDSYEXFBNCxUmeGptLWlqYCYvx8S:zTMqKkFdN3+cs77FD2Do3jmFpwlgYvx

    Score
    10/10
    blustealerstealerstormkittycollection

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks