General

  • Target

    hesaphareketi-01.pdf.exe

  • Size

    799KB

  • Sample

    220913-g8bz4aehc5

  • MD5

    a41ab4f6f64ad77eb442a7d750f3b70d

  • SHA1

    b69e73227263e953c014d3e2e6a9c2e2d7177971

  • SHA256

    2c38354b88fee401ab4d9ca00979e23b39237bd81f19f7c668161da5cdda6be5

  • SHA512

    fd42aa6a418cf1aa3af841d97bf70efdea56925d150d1bdbe05a694ce02ae92bba0e8567f438322112c07aaec44dcaa8c64ee53683faa8b2aa690fc024011227

  • SSDEEP

    12288:civT6np2WYBTUmUtujgeKFkhDfHZciM+qqHQF9x3:2nDqIh0jgeKGBhcD1H

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5374342837:AAHF-c1HAIvNCdF89VuEdNggsL2YBlpgkSE/sendMessage?chat_id=2133303215

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks