General

  • Target: 7910806183.zip
  • Size: 7KB
  • Sample: 220905-j2z5fsdehp
  • MD5: a0e13f5c4dead1d8cf9d3db86e1da72b
  • SHA1: 947c8e4670b7617444e8cfddc8887635e4d6f27b
  • SHA256: 4e42c439ab93674f0116c32953d7aeb1f89a38935ded452ef4a642fae32fdf98
  • SHA512: 67d1cf73c7b2f9db68de2bdaa2d0994087a49692ce238777720e938d67f030da7df271a0ad8dee550dd5feb0e841b32adc21aa23a660296f87f75f0c9aa5065f
  • SSDEEP: 192:AQpGvxBDWbnTjeSx9ohHCEV94v1V1+ox2C2yIxyiFUV9PFv9y:AvvxlWqZpVUVk+2oSbFwxry

Malware Config

Targets

    • Target: 818a637e160bfbf0f1ba621112396c7feac8c395afbd94ea2f19d3c43c00c57b
    • Size: 25KB
    • MD5: 9f43248187fe6f832efbc39ef5479a19
    • SHA1: f14868a26a528cb59ff1ef197345a0c326c8bc73
    • SHA256: 818a637e160bfbf0f1ba621112396c7feac8c395afbd94ea2f19d3c43c00c57b
    • SHA512: ef5d917809d33d0246de23a452c21ddbb79c12d9d42be3f0b045d71160e40397756b5c3f418a40c5cdefc435024964c8c1f02d5284dd7ccfa3e8f26cfd769ca0
    • SSDEEP: 192:GDBxon7JSbJooopoymOFzxqUdnqX3K6/sHn3SUNZfIZlBze3u8hHQaI+:yBCU2mqzMUdnqXaoUXfQBSra

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks