General

  • Target

    05ecaff734c472124834e59d467bcbd2

  • Size

    792KB

  • Sample

    220901-zm36kaahgp

  • MD5

    05ecaff734c472124834e59d467bcbd2

  • SHA1

    5bb880a6327222de1e8c3a19538a4bd3784b4453

  • SHA256

    8ba60bbd351c55d665279d38e77639cb301ffdacaab09ed66515e9af0387e615

  • SHA512

    36cdaf22e8d605e6fe8fad0bf2628f6d32874b8f6f3cb0e51bdde16056788e9e1639efb8d6e3341510aef855a85205b6bb968b1deef79a66416ab85e021b33c1

  • SSDEEP

    12288:Ece/rvqao22+yVjcJyXiqgkvImUC3vtE8SNQWD5tWteuRadszOsLvGJ9boS5bKD:CvvMBVjcJ7q91FaliULkwL0SI

Malware Config

Targets

    • Target

      swift.exe

    • Size

      714KB

    • MD5

      3512514972b6f3d79491a5ded8617788

    • SHA1

      ba6548c7bf1227b05278dc2372a91347d7d100c3

    • SHA256

      fdeafb2bf6cc3d798d2fa099f3619d096f17a57b89172020922c2a63f48d8aeb

    • SHA512

      d638dc0bbd6b81053ed9cd58b7a276801748586a6039371f1a039399e0794a97758011e7bec08bfe7ec5ed25ad229e3d0273cae3b152d37133bb5f9a7b336e18

    • SSDEEP

      12288:a6HZX/QV280RF75ehGBEnuaDDhvJun2zro8b4p00zyIZPzHC2:aUGM80RZ5j8ucFRqQr1b5IVHC2

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks