blustealer | 2c2c5ea09fe6d23ec5a01adf608d58040f97fa65682ff72bbad31991f2c3e75d | Triage

Submit
Reports

Overview

overview

Static

static

1052-67-0x...ry.exe

windows7-x64

1052-67-0x...ry.exe

windows10-2004-x64

Sharing

General

Target

1052-67-0x0000000000400000-0x0000000000422000-memory.dmp
Size

136KB
Sample

220901-mk8xtacccr
MD5

b118fb3925ee0988963731f47d9839be
SHA1

bb5cc63ef15ece861a185461be2daa19c82f75f5
SHA256

2c2c5ea09fe6d23ec5a01adf608d58040f97fa65682ff72bbad31991f2c3e75d
SHA512

6b61606365458508a3dd8c39a691b66a6dbf8043786a4ddeaf8aac0f74b6c9c762bc4eb3f3d879278e40d27b8c81112b0e13ee37aeaed9f521bd67e65eae1cc9
SSDEEP

1536:fbJd/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVior93DJQXp3ZRsjcU0K3h:fnZTkLfhjFSiO3onaRsjkK

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1052-67-0x0000000000400000-0x0000000000422000-memory.exe

Resource

win7-20220812-en

stormkitty collection stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1052-67-0x0000000000400000-0x0000000000422000-memory.exe

Resource

win10v2004-20220812-en

stormkitty collection stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  1052-67-0x0000000000400000-0x0000000000422000-memory.dmp
- Size
  
  136KB
- MD5
  
  b118fb3925ee0988963731f47d9839be
- SHA1
  
  bb5cc63ef15ece861a185461be2daa19c82f75f5
- SHA256
  
  2c2c5ea09fe6d23ec5a01adf608d58040f97fa65682ff72bbad31991f2c3e75d
- SHA512
  
  6b61606365458508a3dd8c39a691b66a6dbf8043786a4ddeaf8aac0f74b6c9c762bc4eb3f3d879278e40d27b8c81112b0e13ee37aeaed9f521bd67e65eae1cc9
- SSDEEP
  
  1536:fbJd/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVior93DJQXp3ZRsjcU0K3h:fnZTkLfhjFSiO3onaRsjkK
Score

10^/10

stormkitty collection stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittycollectionstealer

behavioral2

stormkittycollectionstealer

© 2018-2025

Terms | Privacy