blustealer | 16a775ae7240434e0563eeb9220c0fb4d2352251d4483d08d9d9678f2b743f1c | Triage

Submit
Reports

Overview

overview

Static

static

cuspule.exe

windows7-x64

cuspule.exe

windows10-2004-x64

Sharing

General

Target

cuspule.exe
Size

144KB
Sample

220909-s4zfdaccfn
MD5

cb51286b55d81634de24cdf0fa2bd358
SHA1

af50caf6cc4ba374d63911031491fc846ce443db
SHA256

16a775ae7240434e0563eeb9220c0fb4d2352251d4483d08d9d9678f2b743f1c
SHA512

3450d5aa671164de9953f7dbfe17751619ce1bd20dd24f773d858d65e7f521e935c13da286f0a994dae91b64716339834cf8be560aad21c5a97c28a10adab47b
SSDEEP

1536:fSV/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViow8KLNH7auPyzjbuf:feZTkLfhjFSiO3omBNWuaz/m

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cuspule.exe

Resource

win7-20220812-en

stormkitty collection stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

cuspule.exe

Resource

win10v2004-20220812-en

stormkitty collection stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5732817033:AAFBYIIZmJ7NuvVwD7WRcbV9qwcOqT7RpwM/sendMessage?chat_id=1638137774

Targets

- Target
  
  cuspule.exe
- Size
  
  144KB
- MD5
  
  cb51286b55d81634de24cdf0fa2bd358
- SHA1
  
  af50caf6cc4ba374d63911031491fc846ce443db
- SHA256
  
  16a775ae7240434e0563eeb9220c0fb4d2352251d4483d08d9d9678f2b743f1c
- SHA512
  
  3450d5aa671164de9953f7dbfe17751619ce1bd20dd24f773d858d65e7f521e935c13da286f0a994dae91b64716339834cf8be560aad21c5a97c28a10adab47b
- SSDEEP
  
  1536:fSV/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViow8KLNH7auPyzjbuf:feZTkLfhjFSiO3omBNWuaz/m
Score

10^/10

stormkitty collection stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittycollectionstealer

behavioral2

stormkittycollectionstealer

© 2018-2025

Terms | Privacy