General

  • Target

    doc070902248304840384739-11983769230.exe

  • Size

    1.0MB

  • Sample

    220908-fwslmsdgb3

  • MD5

    82a1be67742da347df519c0c0b75ed87

  • SHA1

    163e5d1758c7be66a6a3a35d2f9973d209383567

  • SHA256

    02a1835ea805bb1a6ca8d1706fa5a811279ec3fcb1524eb83cfa60f0314cf0dd

  • SHA512

    d2051aa0284e0ab9151417d05eafc037695c32d6bf67512b2c8155ecc303774bdc950c24a658fb88787c4f1c3f6ae8bb0bba2017d90129afcbf484f40baaa4a7

  • SSDEEP

    12288:I5bIINzS9JAJgapke+yoaYRy6Wrq2vElGv9W:qbNzoJ0gakNy9cjWm2UGv

Malware Config

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks