blustealer

General

Target

e95541bc5dd30416ce2189fb79666814d4f236fdc67ab4dc3d69fd44c7e3a259.exe
Size

800KB
Sample

220915-2lhvcaaack
MD5

20397f2a5286e87f72a2b39edf048a89
SHA1

cdc0de28872b5fa612d6ef931465466b626d09b4
SHA256

e95541bc5dd30416ce2189fb79666814d4f236fdc67ab4dc3d69fd44c7e3a259
SHA512

b083acdb4806a6794eae2bdf6e9fe9a5538d4e7656cfe2163cc94c854ddee939cb46a417311d93757fd1ad991f408752f1e2c3ca6e4830944ca750d3c97287e2
SSDEEP

12288:Lzx1WrUdHL+NMvHRMieFKSb+oRo84x4GVP7ngG:XOgdiNGV7SbxpQ4GPL

Score

10^/10

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5576673774:AAF__hFRh9bcJV72HkFb-9eZR9JNNyuOmFM/sendMessage?chat_id=1194722650

Targets

- Target
  
  e95541bc5dd30416ce2189fb79666814d4f236fdc67ab4dc3d69fd44c7e3a259.exe
- Size
  
  800KB
- MD5
  
  20397f2a5286e87f72a2b39edf048a89
- SHA1
  
  cdc0de28872b5fa612d6ef931465466b626d09b4
- SHA256
  
  e95541bc5dd30416ce2189fb79666814d4f236fdc67ab4dc3d69fd44c7e3a259
- SHA512
  
  b083acdb4806a6794eae2bdf6e9fe9a5538d4e7656cfe2163cc94c854ddee939cb46a417311d93757fd1ad991f408752f1e2c3ca6e4830944ca750d3c97287e2
- SSDEEP
  
  12288:Lzx1WrUdHL+NMvHRMieFKSb+oRo84x4GVP7ngG:XOgdiNGV7SbxpQ4GPL
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

StormKitty

StormKitty payload

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2