blustealer | d569cf8a839574dce7af4154ed9369c332bc9b1078c7132e550491641f430a43 | Triage

Submit
Reports

Overview

overview

Static

static

1484-59-0x...ry.exe

windows7-x64

1484-59-0x...ry.exe

windows10-2004-x64

Sharing

General

Target

1484-59-0x0000000000400000-0x0000000000424000-memory.dmp
Size

144KB
Sample

220908-nejleaedg5
MD5

4e2bfb6a6c6763c91351616895d3704e
SHA1

da397af3ce8ae87b224dc68d21961224dabb13e9
SHA256

d569cf8a839574dce7af4154ed9369c332bc9b1078c7132e550491641f430a43
SHA512

e5499a0ad96c80f63889bcef898601eca0498e0c2349837593b0d5d3ba2bd0ec6711c6f82558d1ed825d1a402c789489213548fcfd8f4a346c53af4084a796ea
SSDEEP

1536:r65/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioOO4yX5t4l7yYipC:r69ZTkLfhjFSiO3ocO4yX34lmYg

Score

10^/10

blustealer stormkitty collection spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1484-59-0x0000000000400000-0x0000000000424000-memory.exe

Resource

win7-20220901-en

stormkitty collection spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

1484-59-0x0000000000400000-0x0000000000424000-memory.exe

Resource

win10v2004-20220812-en

stormkitty collection spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  1484-59-0x0000000000400000-0x0000000000424000-memory.dmp
- Size
  
  144KB
- MD5
  
  4e2bfb6a6c6763c91351616895d3704e
- SHA1
  
  da397af3ce8ae87b224dc68d21961224dabb13e9
- SHA256
  
  d569cf8a839574dce7af4154ed9369c332bc9b1078c7132e550491641f430a43
- SHA512
  
  e5499a0ad96c80f63889bcef898601eca0498e0c2349837593b0d5d3ba2bd0ec6711c6f82558d1ed825d1a402c789489213548fcfd8f4a346c53af4084a796ea
- SSDEEP
  
  1536:r65/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioOO4yX5t4l7yYipC:r69ZTkLfhjFSiO3ocO4yX34lmYg
Score

10^/10

stormkitty collection spyware stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittycollectionspywarestealer

behavioral2

stormkittycollectionspywarestealer

© 2018-2025

Terms | Privacy