blustealer | caa35b4c21e4699fc29779b506d16742297d07026f48a6d3db435890d7d8a02a | Triage

Submit
Reports

Overview

overview

Static

static

984-63-0x0...ry.exe

windows7-x64

984-63-0x0...ry.exe

windows10-2004-x64

Sharing

General

Target

984-63-0x0000000000400000-0x0000000000424000-memory.dmp
Size

144KB
Sample

220906-lysbjsgbhm
MD5

df5c20d0d6be13aa4412d0ad5da0ee74
SHA1

fb939c9c76b403ad9b8af0489a9ab391b5b86296
SHA256

caa35b4c21e4699fc29779b506d16742297d07026f48a6d3db435890d7d8a02a
SHA512

50f8197a83daf35cbe54f9e6fa8628fe12df48f797fdc43928688d23e3b09b681762dfb616a6e89f83f31a513f410dc811937ddb5185a04727e10dfb75b6ec31
SSDEEP

1536:Ig/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViou1jF+AQI/8hjE7q0:IMZTkLfhjFSiO3o+X1eA7q0

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

984-63-0x0000000000400000-0x0000000000424000-memory.exe

Resource

win7-20220812-en

stormkitty collection stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

984-63-0x0000000000400000-0x0000000000424000-memory.exe

Resource

win10v2004-20220901-en

stormkitty collection stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  984-63-0x0000000000400000-0x0000000000424000-memory.dmp
- Size
  
  144KB
- MD5
  
  df5c20d0d6be13aa4412d0ad5da0ee74
- SHA1
  
  fb939c9c76b403ad9b8af0489a9ab391b5b86296
- SHA256
  
  caa35b4c21e4699fc29779b506d16742297d07026f48a6d3db435890d7d8a02a
- SHA512
  
  50f8197a83daf35cbe54f9e6fa8628fe12df48f797fdc43928688d23e3b09b681762dfb616a6e89f83f31a513f410dc811937ddb5185a04727e10dfb75b6ec31
- SSDEEP
  
  1536:Ig/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViou1jF+AQI/8hjE7q0:IMZTkLfhjFSiO3o+X1eA7q0
Score

10^/10

stormkitty collection stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittycollectionstealer

behavioral2

stormkittycollectionstealer

© 2018-2025

Terms | Privacy