blustealer | 962e25829a14a95ad95d8893db8464eb072dffaf53bdb91e8a76d79a01e4f289 | Triage

Submit
Reports

Overview

overview

Static

static

DESIGN, SU...M..exe

windows7-x64

DESIGN, SU...M..exe

windows10-2004-x64

Sharing

General

Target

DESIGN, SUPPLY & INSTALLATION OF 2 WAREHOUSES” for TANAJIB GAS PLANT (TGP) – MARJAN DEVELOPMENT PROGRAM..exe
Size

268KB
Sample

220906-w8b3eshde9
MD5

c71ea43ecfe9c6a6ee76ee7c3faa3dab
SHA1

f09ff133049500bcb21d8ba9597535cb8b3b7246
SHA256

962e25829a14a95ad95d8893db8464eb072dffaf53bdb91e8a76d79a01e4f289
SHA512

18d98cda13d718e28e0c5bdd4cd56829189c96f422800a7573f2e37955bf43e203a99936d50ebc141c644b8461daed52686cd604738703697ddd7fcafebf9178
SSDEEP

3072:T5eihl7myXbEocvSaaEeUdFIglQESbhKjXB3Sc85FMW:T5eihRJXOr3xIglQPKbJSB5t

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

DESIGN, SUPPLY & INSTALLATION OF 2 WAREHOUSES” for TANAJIB GAS PLANT (TGP) – MARJAN DEVELOPMENT PROGRAM..exe

Resource

win7-20220812-en

blustealer stormkitty collection stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

DESIGN, SUPPLY & INSTALLATION OF 2 WAREHOUSES” for TANAJIB GAS PLANT (TGP) – MARJAN DEVELOPMENT PROGRAM..exe

Resource

win10v2004-20220901-en

blustealer stormkitty collection stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  DESIGN, SUPPLY & INSTALLATION OF 2 WAREHOUSES” for TANAJIB GAS PLANT (TGP) – MARJAN DEVELOPMENT PROGRAM..exe
- Size
  
  268KB
- MD5
  
  c71ea43ecfe9c6a6ee76ee7c3faa3dab
- SHA1
  
  f09ff133049500bcb21d8ba9597535cb8b3b7246
- SHA256
  
  962e25829a14a95ad95d8893db8464eb072dffaf53bdb91e8a76d79a01e4f289
- SHA512
  
  18d98cda13d718e28e0c5bdd4cd56829189c96f422800a7573f2e37955bf43e203a99936d50ebc141c644b8461daed52686cd604738703697ddd7fcafebf9178
- SSDEEP
  
  3072:T5eihl7myXbEocvSaaEeUdFIglQESbhKjXB3Sc85FMW:T5eihRJXOr3xIglQPKbJSB5t
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionstealer

behavioral2

blustealerstormkittycollectionstealer

© 2018-2025

Terms | Privacy