General

  • Target

    SecuriteInfo.com.Win32.RATX-gen.24895.exe

  • Size

    853KB

  • Sample

    220912-gjls1agdfp

  • MD5

    ce0443c80c62db2b18578fb5aea2dcc3

  • SHA1

    87e7a6b1a5d3812817a42fb4a0f9d21e90208e71

  • SHA256

    3e1cab8195206e7bf50b34dde56656e54ab25af5fe4136f1f76fc60f7664fd79

  • SHA512

    6fecf34d1bfe41c9c085dd9eeb23b29204090f1cf9081e9b7d7847d9c6b4bb345c222a39cfb20a7a350d3d5125d14b56151fc018e7e00eccb655854768853a26

  • SSDEEP

    12288:Cx11Spw4M5vXRTiSTR9L3b+p2Po3dc5iKPAu/:CcppwfzRJ3bJQoiKPp

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896
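
The extracted C2 is not a custom server but the Telegram Bot API: the path carries the attacker's bot token (`<numeric bot id>:<secret>`) and the query carries the destination `chat_id`, and the stealer exfiltrates by calling `sendMessage` on it. The useful indicators are therefore the bot id, the token and the chat id, not the domain, which is legitimate and shared with every other Telegram bot. The following script is an added example, not part of the report or of any analysis tooling it came from: it parses the URL above into those indicators, produces a redacted form safe to share, and runs a simple detection over constructed proxy log lines. The log lines, the client addresses and the second bot token in them are made up for the example; the parser's path regex is an assumption about Bot API URL shape.

```python
import re
from urllib.parse import urlsplit, parse_qs

# C2 URL exactly as extracted in the report above (BluStealer config).
C2_URL = ("https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg"
          "/sendMessage?chat_id=1639214896")

# Assumed Bot API path shape: /bot<numeric id>:<secret>/<method>
BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into the indicators a defender actually uses.
    Returns None for anything that is not a Bot API call."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": chat_id,
    }


def redact_token(token):
    """Keep the numeric bot id (it identifies the bot) and drop the secret,
    so the IOC can be shared without handing out a working credential."""
    bot_id, _, _secret = token.partition(":")
    return f"{bot_id}:<redacted>"


KNOWN = parse_telegram_c2(C2_URL)

# Constructed proxy log lines (not from the report): client, verb, URL, status.
# The second bot token is invented for the example.
SAMPLE_PROXY_LOG = """\
10.0.0.12 POST https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896 200
10.0.0.12 GET https://example.com/ 200
10.0.0.40 GET https://web.telegram.org/ 200
10.0.0.55 POST https://api.telegram.org/bot1234567890:AAExampleExampleExampleExampleExamp/sendDocument 200
"""


def find_bot_api_hits(log_text):
    """Return (client, bot_id, method, matches_known_sample) for every Bot API
    call in the log. Official Telegram clients speak MTProto rather than the
    HTTPS Bot API, so any /bot<token>/ request from a user workstation is worth
    a look even when the token is not the one from this sample."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        client, url = fields[0], fields[2]
        c2 = parse_telegram_c2(url)
        if c2:
            hits.append((client, c2["bot_id"], c2["method"], c2["token"] == KNOWN["token"]))
    return hits


if __name__ == "__main__":
    print("known C2:", {**KNOWN, "token": redact_token(KNOWN["token"])})
    for hit in find_bot_api_hits(SAMPLE_PROXY_LOG):
        print("bot api call:", hit)
```

Two caveats when turning this into a real rule. The URL path is only visible where TLS is terminated (a forward proxy or an EDR with HTTP visibility); from DNS or SNI alone you only see `api.telegram.org`, which is too noisy to block outright in most environments. And the token in the report is a live credential for the attacker's bot: treat it as sensitive, do not paste it into tools that query Telegram on your behalf, and share the redacted form.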

Targets

    • BluStealer

      A modular information stealer written in Visual Basic; this sample's extracted config reports to a Telegram Bot API endpoint.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks