Overview

overview

10

Static

static

1

rfq#09234a.exe

windows7-x64

10

rfq#09234a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    577e5ddf2b8dc212bbbb959c0a4337c9

  • Size

    691KB

  • Sample

    220914-nkk2esaaf4

  • MD5

    577e5ddf2b8dc212bbbb959c0a4337c9

  • SHA1

    05bda5bb8ee37d01f8002829dc24d1d25dc96a9f

  • SHA256

    34eff32a7aa0bf09e8913f112eea40f56f85d254889f429240cee5e89b11f634

  • SHA512

    3a06f495a1cbaff30c7ed89081ca80e803b3e23d691f522b2e34b1301612f2de2f63946c8cf4ea70098cdf8cd176c130498f99877a9788b063d621da3021434e

  • SSDEEP

    12288:eN6oD0GXVzlKiCZ46WMkqe9Iq2ZZqt/X2Z6f+vCE32ePiwZ7g0a3fieC1E0zv1MF:ejnlqZ4rMNq2ZU/XWFv3DPiwZ7ba3fi8

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5576673774:AAF__hFRh9bcJV72HkFb-9eZR9JNNyuOmFM/sendMessage?chat_id=1194722650

Targets

    • Target

      rfq#09234a.exe

    • Size

      800KB

    • MD5

      20397f2a5286e87f72a2b39edf048a89

    • SHA1

      cdc0de28872b5fa612d6ef931465466b626d09b4

    • SHA256

      e95541bc5dd30416ce2189fb79666814d4f236fdc67ab4dc3d69fd44c7e3a259

    • SHA512

      b083acdb4806a6794eae2bdf6e9fe9a5538d4e7656cfe2163cc94c854ddee939cb46a417311d93757fd1ad991f408752f1e2c3ca6e4830944ca750d3c97287e2

    • SSDEEP

      12288:Lzx1WrUdHL+NMvHRMieFKSb+oRo84x4GVP7ngG:XOgdiNGV7SbxpQ4GPL

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks