Overview

overview

10

Static

static

1

rfq#09234a.exe

windows7-x64

10

rfq#09234a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2afcef328038a7d50de717566b98a163

  • Size

    691KB

  • Sample

    220914-nkjhladgdn

  • MD5

    2afcef328038a7d50de717566b98a163

  • SHA1

    2d09577cb9c59283a0b212de3d40f0d1956fda16

  • SHA256

    c0b74154092c93337ba6014f1f1fafa6a1e76e6258359c73f4c3e7d667c04a51

  • SHA512

    d4692218f551cd3514b29cf82586719448b67c4940eb00bb0daa76f9d148a8d91527602bbba548ce44a8215a0bf46e9948e5d746c1885d1c3cb8eb9b7e6faacb

  • SSDEEP

    12288:dN6oD0GXVzlKiCZ46WMkqe9Iq2ZZqt/X2Z6f+vCE32ePiwZ7g0a3fieC1E0zv1Mc:djnlqZ4rMNq2ZU/XWFv3DPiwZ7ba3fiJ

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5576673774:AAF__hFRh9bcJV72HkFb-9eZR9JNNyuOmFM/sendMessage?chat_id=1194722650

Targets

    • Target

      rfq#09234a.exe

    • Size

      800KB

    • MD5

      20397f2a5286e87f72a2b39edf048a89

    • SHA1

      cdc0de28872b5fa612d6ef931465466b626d09b4

    • SHA256

      e95541bc5dd30416ce2189fb79666814d4f236fdc67ab4dc3d69fd44c7e3a259

    • SHA512

      b083acdb4806a6794eae2bdf6e9fe9a5538d4e7656cfe2163cc94c854ddee939cb46a417311d93757fd1ad991f408752f1e2c3ca6e4830944ca750d3c97287e2

    • SSDEEP

      12288:Lzx1WrUdHL+NMvHRMieFKSb+oRo84x4GVP7ngG:XOgdiNGV7SbxpQ4GPL

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks