Overview

overview

10

Static

static

account.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20220902_044320_Nxlu0cxKmCmhkzKzxgIaXzlU6qcm-_Xl.zip

  • Size

    830KB

  • Sample

    220902-twydsaghbq

  • MD5

    5b07b6133fb57c7d161e2e20ce999a49

  • SHA1

    a1c9b6d007966bc44a15394bf45ad51bbf822ee9

  • SHA256

    f76601825a80e9bfea0b7d3e378493e8f221ef1d95ef2329a0222aad52be9a3f

  • SHA512

    f2e6e4e8ba3ebc31ad5ba38fe3bdab20e9f62e741431779a22836cc2f039e8919297023e4b8d1ba6b05f7d55f64a1356f82f19d053d3683ab456ffb900009eb7

  • SSDEEP

    24576:n/f+CBHdc60oIzbBvt67jwrzK/+nbQ71qSfx:/L1dc6Cz91h9ngpfx

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      account.exe

    • Size

      834KB

    • MD5

      ed087331c9c97859d6d30bca5245b42d

    • SHA1

      6f1f422171174486c9de328041a0606273b763aa

    • SHA256

      15af08408332677507425dd21c6e04fa469e1129c21dc9ae2d830cc5c8aa0642

    • SHA512

      336290c2b7b578fd9022b8d2b5708f27be6e56a8ac2cdcc2369a705896ad00a6920c76d295f24715c3063de4e71e7829cccd80a1c63558dc662b7544522daf0a

    • SSDEEP

      12288:nF75eRgPwqoXY+mzoRtbvRT7PJ7Na+6ZmvatTu7Fm8gAxYS6L9ETD:nZ5wXY+mzo3bv/Ra+CmiRusyYD

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks