Overview

overview

10

Static

static

537eefdd89...6d.exe

windows7-x64

10

537eefdd89...6d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    537eefdd89c53025ce3e521a0dde0d2dd99bcf94f6063fd6b0823e259c72a26d

  • Size

    158KB

  • Sample

    220913-tqjnfagad3

  • MD5

    da88b9d5a99843082b9258e087ae0ea9

  • SHA1

    d425103a22463af1f8070f394a147b0e2d3ca8e9

  • SHA256

    537eefdd89c53025ce3e521a0dde0d2dd99bcf94f6063fd6b0823e259c72a26d

  • SHA512

    753c7298750a7342a1f14fe9d1bc5737f3f9de598192d4ea68621793024c210690f243d6e4092920c9204cd6517e5e9add89f61cad46a99150a4964d9c35d969

  • SSDEEP

    3072:GspYocLKwD+MctFYFroOyKMPggSE9bdB4/tTc0owUdTZ5yMHHMc:YJN8FIWKzE9bdB4VTotMc

Score
10/10
blustealerstormkittycollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377

Targets

    • Target

      537eefdd89c53025ce3e521a0dde0d2dd99bcf94f6063fd6b0823e259c72a26d

    • Size

      158KB

    • MD5

      da88b9d5a99843082b9258e087ae0ea9

    • SHA1

      d425103a22463af1f8070f394a147b0e2d3ca8e9

    • SHA256

      537eefdd89c53025ce3e521a0dde0d2dd99bcf94f6063fd6b0823e259c72a26d

    • SHA512

      753c7298750a7342a1f14fe9d1bc5737f3f9de598192d4ea68621793024c210690f243d6e4092920c9204cd6517e5e9add89f61cad46a99150a4964d9c35d969

    • SSDEEP

      3072:GspYocLKwD+MctFYFroOyKMPggSE9bdB4/tTc0owUdTZ5yMHHMc:YJN8FIWKzE9bdB4VTotMc

    Score
    10/10
    blustealerstormkittycollectionspywarestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks