blustealer | 97acdbf4f3b197429b754d04a0e8f94fac94cbf02b9a3262ca350be271d9355c | Triage

Submit
Reports

Overview

overview

Static

static

bdc7b9697b...ed.exe

windows7-x64

1

bdc7b9697b...ed.exe

windows10-2004-x64

Sharing

General

Target

7991976130.zip
Size

542KB
Sample

220912-pmgx8adbh4
MD5

8a9bf7f77d97ce1f573aa0a7d8faf77f
SHA1

d0aeba130f0a2835a1fc5a13125c003e942c3fa8
SHA256

97acdbf4f3b197429b754d04a0e8f94fac94cbf02b9a3262ca350be271d9355c
SHA512

67d952d217403b536630267fe3fab052086f5177e817886b976fcc621c6a75f4fbc84cae66c4c505883992ed61c4eba2ccce0b423cc7add5a85a1e9d6e40e143
SSDEEP

12288:vMZxGPoDoK/MvjvmCqS+eiI1KP5JnFZzjvpwyy4aQ:vMTDoK0vjvRJKxJF5+V41

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

bdc7b9697bec25f67536bd94457642b0f009f82f05398417202b39b3ffc31bed.exe

Resource

win7-20220812-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

bdc7b9697bec25f67536bd94457642b0f009f82f05398417202b39b3ffc31bed.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5415235188:AAGqakDD6FZcw5LLX6hH5qVayV-1OGURlEo/sendMessage?chat_id=1372472614

Targets

- Target
  
  bdc7b9697bec25f67536bd94457642b0f009f82f05398417202b39b3ffc31bed
- Size
  
  993KB
- MD5
  
  d797a49c43ff7ef5417507b47ba32762
- SHA1
  
  8fc053b6c85b84515cd518d33893273e63f2f9b6
- SHA256
  
  bdc7b9697bec25f67536bd94457642b0f009f82f05398417202b39b3ffc31bed
- SHA512
  
  201307649e42a24f3a39d512e45868e9d9f0a30cb7326ca7e7e5a3d87bf3d9b59bc435c57c3713aff1b8136d8f7dfc0bb31c35030e2c8f35159362dd777dcdd1
- SSDEEP
  
  12288:7i+0xvpf9mS6HHpDxvTA0ToeWwh0FfCC9bucNkudpyhA:30DF4FUzeW64ZAcNlyhA
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

blustealerstormkittycollectionstealer

© 2018-2025

Terms | Privacy