General

  • Target

    hesaphareketi-01.pdf.exe

  • Size

    967KB

  • Sample

    220908-fwnbxsdfe3

  • MD5

    20be6ec20e3f2b6dab78f6d42d31371c

  • SHA1

    d54e72166d35c429dee3b5c5e227afe2fcb7ad7c

  • SHA256

    a29933d22324521ab3f6fccd48df10ae472f62e73ada2f6550d971322594e071

  • SHA512

    e24cf1d9fa97b687273a94fcdb8d1571b23905cfe2123e08ff5d3fdf85a02e7c8107fdb6826a8690ec3f38c1d1d05f89ba7ede26a93f4f6245d46a18f5466ad0

  • SSDEEP

    12288:NA9b0ZeV01NRnWNwwUyJRcOKcN3XhYxkY3hZ29:wXyrpcwVyTcOJNHOx+

Malware Config

Targets

    • Target

      hesaphareketi-01.pdf.exe

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open-source information stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext
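As an added example, not part of the Triage report or of either stealer's code: a small Python triage that reproduces three of the behavioural signatures above over a constructed, sandbox-style API trace. The trace format (pid|api|argument), the process identifiers, the registry key matched (HKCU\Control Panel\International\Geo\Nation, which holds the user's GEOID) and the list of IP-lookup hosts are assumptions made for illustration. The report does not say which lookup service this sample contacted or exactly what its SetThreadContext signature keys on, so the block flags the full cross-process WriteProcessMemory, SetThreadContext, ResumeThread chain rather than any single call, and includes a contrasting trace where SetThreadContext alone is not flagged.

```python
import re
from urllib.parse import urlparse

# Constructed sandbox-style API trace: "pid|api|argument". Illustrative only,
# not taken from the report. Process 1234 is the stealer; 5678 is the child it
# hollows (assumed target path and pids).
TRACE = """\
1234|RegOpenKeyExW|HKCU\\Control Panel\\International\\Geo
1234|RegQueryValueExW|Nation
1234|InternetOpenUrlW|http://api.ipify.org/
1234|CreateProcessW|C:\\Windows\\target.exe CREATE_SUSPENDED -> pid 5678
1234|NtUnmapViewOfSection|pid 5678
1234|WriteProcessMemory|pid 5678
1234|SetThreadContext|pid 5678
1234|ResumeThread|pid 5678
"""

# Constructed benign contrast: SetThreadContext on the process's own thread,
# with no injection chain, should not trip the hollowing check.
BENIGN_TRACE = """\
4321|SetThreadContext|pid 4321
4321|ResumeThread|pid 4321
"""

# Assumed registry key for the geofence check (GetUserGeoID reads the GEOID
# stored here) and an assumed list of well-known external-IP lookup hosts.
GEO_KEY = r"Control Panel\International\Geo"
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ip-api.com", "ipinfo.io",
    "checkip.dyndns.org", "checkip.amazonaws.com",
}
TARGET_RE = re.compile(r"pid (\d+)")
HOLLOW_STEPS = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def parse_trace(text):
    """Parse 'pid|api|argument' lines into (pid, api, argument) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, arg = line.split("|", 2)
        events.append((int(pid), api, arg))
    return events


def checks_location(events):
    """True if a process opens the Geo key and then reads the Nation value."""
    opened = set()
    for pid, api, arg in events:
        if api.startswith("RegOpenKey") and GEO_KEY.lower() in arg.lower():
            opened.add(pid)
        elif api.startswith("RegQueryValue") and pid in opened and arg.lower() == "nation":
            return True
    return False


def ip_lookup_hosts(events):
    """Hosts from HTTP-style calls that belong to the assumed IP-lookup list."""
    hits = set()
    for _, api, arg in events:
        if api.startswith(("InternetOpenUrl", "WinHttpConnect", "HttpOpenRequest")):
            host = urlparse(arg).hostname
            if host and host.lower() in IP_LOOKUP_HOSTS:
                hits.add(host.lower())
    return hits


def hollowing_targets(events):
    """Child pids that receive WriteProcessMemory, SetThreadContext and
    ResumeThread in that order from a different process."""
    stage = {}   # target pid -> index of the next expected step
    found = []
    for pid, api, arg in events:
        m = TARGET_RE.search(arg)
        if not m:
            continue
        target = int(m.group(1))
        if target == pid:
            continue  # acting on its own process is not cross-process injection
        i = stage.get(target, 0)
        if i < len(HOLLOW_STEPS) and api == HOLLOW_STEPS[i]:
            stage[target] = i + 1
            if i + 1 == len(HOLLOW_STEPS):
                found.append(target)
    return found


def triage(text):
    """Run the three checks and return results keyed by the report's signature names."""
    events = parse_trace(text)
    return {
        "Checks computer location settings": checks_location(events),
        "Looks up external IP address via web service": sorted(ip_lookup_hosts(events)),
        "Suspicious use of SetThreadContext": hollowing_targets(events),
    }


if __name__ == "__main__":
    print(triage(TRACE))
    print(triage(BENIGN_TRACE))
```

The geofence check requires the open-then-query pair rather than either call alone, since many legitimate programs touch the International key; likewise the hollowing check insists on the ordered chain against another process, which is the property a responder should confirm in the real trace before treating a lone SetThreadContext as injection.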

MITRE ATT&CK Enterprise v6

Tasks