blustealer | 34df23156bed123d9fa7e52de2d1dedbf12d542f4bea0686e58ef284a8447eb2 | Triage

Submit
Reports

Overview

overview

Static

static

1736-61-0x...ry.exe

windows7-x64

1736-61-0x...ry.exe

windows10-2004-x64

Sharing

General

Target

1736-61-0x0000000000400000-0x0000000000421000-memory.dmp
Size

132KB
Sample

220901-l8w3gseag7
MD5

0396c5b0a9bce41e7ee1040070600a4e
SHA1

be51b6e27d3ff9eec578f4ae916038b84f3a64d9
SHA256

34df23156bed123d9fa7e52de2d1dedbf12d542f4bea0686e58ef284a8447eb2
SHA512

3625d276efbf099f32657d0453b42e3826bc84894787e9cc57ebd4472a6988010e9f495d7081893a299f77eaf0e4de371974d85ee3d1b0dc01019820876fed63
SSDEEP

1536:iks/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViocI6VPTHBQTvpO:iTZTkLfhjFSiO3oyI6f2

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1736-61-0x0000000000400000-0x0000000000421000-memory.exe

Resource

win7-20220812-en

stormkitty collection stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1736-61-0x0000000000400000-0x0000000000421000-memory.exe

Resource

win10v2004-20220812-en

stormkitty collection stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  1736-61-0x0000000000400000-0x0000000000421000-memory.dmp
- Size
  
  132KB
- MD5
  
  0396c5b0a9bce41e7ee1040070600a4e
- SHA1
  
  be51b6e27d3ff9eec578f4ae916038b84f3a64d9
- SHA256
  
  34df23156bed123d9fa7e52de2d1dedbf12d542f4bea0686e58ef284a8447eb2
- SHA512
  
  3625d276efbf099f32657d0453b42e3826bc84894787e9cc57ebd4472a6988010e9f495d7081893a299f77eaf0e4de371974d85ee3d1b0dc01019820876fed63
- SSDEEP
  
  1536:iks/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViocI6VPTHBQTvpO:iTZTkLfhjFSiO3oyI6f2
Score

10^/10

stormkitty collection stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittycollectionstealer

behavioral2

stormkittycollectionstealer

© 2018-2025

Terms | Privacy