Overview

overview

10

Static

static

09876560098.pdf

windows7-x64

1

09876560098.pdf

windows10-2004-x64

1

987323456.exe

windows7-x64

10

987323456.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    90e685bd6132142e2ef71a3f662fad75

  • Size

    576KB

  • Sample

    220914-nkgzrsdgdm

  • MD5

    90e685bd6132142e2ef71a3f662fad75

  • SHA1

    78eb5c49ad598bf346ca00ee193f51263d222d61

  • SHA256

    54ad0446c41577df6cd6ad821de9fe3a6a18a0f703c6c0f0a5142ecb88770592

  • SHA512

    241bc8f0665a10a316f0ae6a9fa53d1c2264e9d5e37b262e2c683a897f9ecf07d181a22978be8688ba721b823e333770e599ad731e30c92b70b838b5a73c94a0

  • SSDEEP

    12288:mfUIh7Pe4v6ltBUx01umHKpfw3ej+iiSaECNqRwQw4nH/YZNIQbBW:m8I5Pe4v6lYx1fw3abaEVw+H/YZNIuW

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5546226764:AAFgA9orKnIJXfe165J2OAI1h11SWEqFyFQ/sendMessage?chat_id=5461341539

Targets

    • Target

      09876560098.pdf

    • Size

      870B

    • MD5

      c8fef6aa70e440b6762dbc78bba8162b

    • SHA1

      1ce3cccb8bd37db5f1a7115381c9e345f86863aa

    • SHA256

      cf2cbbaf628c5fd91424d79f51931c6721e9cf036404c0b8a75b697f1f9cdd64

    • SHA512

      6b7dafeac57c1a0081b29f958c12f97e3a36c78a6ca6ec6a4eca55f884232e3cab93b34cf42a441624411c14a82a95fb38de4a250de357bbd8b406c317ced85b

    Score
    1/10
    behavioral1behavioral2

    • Target

      987323456.exe

    • Size

      940KB

    • MD5

      f5301ee93125620a8c7fa93e523d31aa

    • SHA1

      5b08b05491db643270895adb7c50764880c88916

    • SHA256

      163d435fa6e2ddd36352dcd076dfb8bb4d5f8fa960bc558b1b3ac8b22b0c0673

    • SHA512

      c3b7f0d496d7d99b28cde39241cf2e7ded134a5d015a675eeea1dfcf906ebcb5799037abe3642a39447465e5ab5388ffdcaf6b3fdd3c740147300decf3e225d0

    • SSDEEP

      12288:hk6a76a8QqSSSVsY6e9HzjkP+nrybWjY/JVye+9UPA:hsGY1TjkP/W9e+YA

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks