blustealer | 0bc2a4f1cac47c364ca35ed978d1d34d15546c5d499247e53f94b487f746dd03 | Triage

Submit
Reports

Overview

overview

Static

static

812-63-0x0...ry.exe

windows7-x64

812-63-0x0...ry.exe

windows10-2004-x64

Sharing

General

Target

812-63-0x0000000000400000-0x0000000000425000-memory.dmp
Size

148KB
Sample

220905-pz4yhsbgh6
MD5

df297b7d37420951d84527e03d84b875
SHA1

9e8cb0c3f76e1b3f18ad0990a9666bb74298469b
SHA256

0bc2a4f1cac47c364ca35ed978d1d34d15546c5d499247e53f94b487f746dd03
SHA512

9d3ddcd254f37c74b2e9690ad726b3243049b1988e71794d6a759f7267bd73666a4cb46abffa37e6745e9e5d62a1fe32a3df522e73ee63c8971464ec8733d040
SSDEEP

1536:LH7w/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioMZYCM99l8INLE2d7tXQQC:LHgZTkLfhjFSiO3o6ZYC7C/dS

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

812-63-0x0000000000400000-0x0000000000425000-memory.exe

Resource

win7-20220812-en

stormkitty collection stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

812-63-0x0000000000400000-0x0000000000425000-memory.exe

Resource

win10v2004-20220812-en

stormkitty collection stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  812-63-0x0000000000400000-0x0000000000425000-memory.dmp
- Size
  
  148KB
- MD5
  
  df297b7d37420951d84527e03d84b875
- SHA1
  
  9e8cb0c3f76e1b3f18ad0990a9666bb74298469b
- SHA256
  
  0bc2a4f1cac47c364ca35ed978d1d34d15546c5d499247e53f94b487f746dd03
- SHA512
  
  9d3ddcd254f37c74b2e9690ad726b3243049b1988e71794d6a759f7267bd73666a4cb46abffa37e6745e9e5d62a1fe32a3df522e73ee63c8971464ec8733d040
- SSDEEP
  
  1536:LH7w/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioMZYCM99l8INLE2d7tXQQC:LHgZTkLfhjFSiO3o6ZYC7C/dS
Score

10^/10

stormkitty collection stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittycollectionstealer

behavioral2

stormkittycollectionstealer

© 2018-2025

Terms | Privacy