Overview

overview

10

Static

static

SWIFT_ IMG...22.exe

windows7-x64

10

SWIFT_ IMG...22.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SWIFT_ IMG 20220905-000022.exe

  • Size

    646KB

  • Sample

    220905-pphbrsghep

  • MD5

    4179939afb1db82fc27df59af2bd11ae

  • SHA1

    dbf869f15934922f0eab9fee87341ef2387e02ec

  • SHA256

    755de0017346d362f97a588336b88adc8d078bb699a2395c2957daa26207c16b

  • SHA512

    4f9f422435ef0daf8b30987569ed03968dfe76926c8da33da4a4b6cb9242b41523058764271c123a6117f090c2b67489b2ee2cfc564a6d8b6b7952f986eccd2c

  • SSDEEP

    12288:kzE+8K2iNEF75euLU//hykf0VVDYSNGlFuomH4oY3Cd0GCiTHcBXXt:tK16Z5foyA0VVDYSNyFuVH91dDG

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      SWIFT_ IMG 20220905-000022.exe

    • Size

      646KB

    • MD5

      4179939afb1db82fc27df59af2bd11ae

    • SHA1

      dbf869f15934922f0eab9fee87341ef2387e02ec

    • SHA256

      755de0017346d362f97a588336b88adc8d078bb699a2395c2957daa26207c16b

    • SHA512

      4f9f422435ef0daf8b30987569ed03968dfe76926c8da33da4a4b6cb9242b41523058764271c123a6117f090c2b67489b2ee2cfc564a6d8b6b7952f986eccd2c

    • SSDEEP

      12288:kzE+8K2iNEF75euLU//hykf0VVDYSNGlFuomH4oY3Cd0GCiTHcBXXt:tK16Z5foyA0VVDYSNyFuVH91dDG

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks