blustealer | 3e2842c40ff26c60b69e08934b9b80fefe0cd2d091fbd6fa91a2b97f3487137c | Triage

Submit
Reports

Overview

overview

Static

static

Halkbank_E...54.exe

windows7-x64

Halkbank_E...54.exe

windows10-2004-x64

Sharing

General

Target

Halkbank_Ekstre_20220901_060735_484554.exe
Size

900KB
Sample

220901-mghw8aecb9
MD5

f53d6a0d4693488835b412fb558a75d3
SHA1

802139308484ab4905f5af9b40f17d01568a9790
SHA256

3e2842c40ff26c60b69e08934b9b80fefe0cd2d091fbd6fa91a2b97f3487137c
SHA512

561d6b80db0deca56af17f3debf422d7cfbe867629b000a0e5a232de2a1f296b2e355549edbb10866939e7ace619331919069ad54bc552b1585d4f9788d1febb
SSDEEP

24576:3Z5sXY+mzo3bvQhPGbuYKeS0eVIUdJyh:J5qlmzMIlGan0eD3C

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

Halkbank_Ekstre_20220901_060735_484554.exe

Resource

win7-20220812-en

blustealer stormkitty collection stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

Halkbank_Ekstre_20220901_060735_484554.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  Halkbank_Ekstre_20220901_060735_484554.exe
- Size
  
  900KB
- MD5
  
  f53d6a0d4693488835b412fb558a75d3
- SHA1
  
  802139308484ab4905f5af9b40f17d01568a9790
- SHA256
  
  3e2842c40ff26c60b69e08934b9b80fefe0cd2d091fbd6fa91a2b97f3487137c
- SHA512
  
  561d6b80db0deca56af17f3debf422d7cfbe867629b000a0e5a232de2a1f296b2e355549edbb10866939e7ace619331919069ad54bc552b1585d4f9788d1febb
- SSDEEP
  
  24576:3Z5sXY+mzo3bvQhPGbuYKeS0eVIUdJyh:J5qlmzMIlGan0eD3C
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionstealer

behavioral2

blustealerstormkittycollectionstealer

© 2018-2025

Terms | Privacy