General

  • Target

    Halkbank,doc.exe

  • Size

    944KB

  • Sample

    220915-pbgs3sdab9

  • MD5

    895140d717ad9ea92e1fdf27d9a8faab

  • SHA1

    1915a1c454d26d827e72c1f2edd242e66261f495

  • SHA256

    3cca31e08e5e7460380b7547f77a67485cb559c5b1982894c7e739031be97920

  • SHA512

    242214e9b8dcb1e70cc7797c3670e44a49084289cc684131b856e3b0f9995b47ff84e64c5a9d4453aede376ee06b3d33573e4e3d3f7cde5a3ff3668e9483c2ca

  • SSDEEP

    12288:MFzTTDV7uikFgUWYaM47dS7gWe8JX70AJ4LcGWmZVLFzNEMMYzJI0xks:MF/TDlubgUOl7dS7gowpr9XxZBJJx

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896

Targets

    • Target

      Halkbank,doc.exe

    • Size

      944KB

    • MD5

      895140d717ad9ea92e1fdf27d9a8faab

    • SHA1

      1915a1c454d26d827e72c1f2edd242e66261f495

    • SHA256

      3cca31e08e5e7460380b7547f77a67485cb559c5b1982894c7e739031be97920

    • SHA512

      242214e9b8dcb1e70cc7797c3670e44a49084289cc684131b856e3b0f9995b47ff84e64c5a9d4453aede376ee06b3d33573e4e3d3f7cde5a3ff3668e9483c2ca

    • SSDEEP

      12288:MFzTTDV7uikFgUWYaM47dS7gWe8JX70AJ4LcGWmZVLFzNEMMYzJI0xks:MF/TDlubgUOl7dS7gowpr9XxZBJJx

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
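The extracted C2 above is a Telegram Bot API URL: the path carries the bot token (`<numeric bot id>:<secret>`) and the query carries the `chat_id` the stolen data is posted to, which means the whole credential ships inside the sample. The signature "Looks up external IP address via web service" describes the other network artefact such a stealer leaves before it exfiltrates. The following Python is an added example, not part of this report or of any of the tooling behind it: it parses a Telegram bot C2 URL into pivotable fields (bot id, method, chat id, a shortened token fingerprint so the full secret is not re-published in alerts) and then runs a simple correlation over constructed proxy log lines, flagging clients that hit an IP-lookup service and then a Telegram bot endpoint within a short window. The log format, the set of IP-lookup hosts, the 10-minute window and the second bot token are assumptions chosen for the example; the first C2 URL is the one reported on this page.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Telegram Bot API URLs look like https://api.telegram.org/bot<id>:<secret>/<method>?...
# The secret is a long base64url-ish string; 30+ chars is a conservative lower bound (assumption).
TELEGRAM_BOT_URL = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})"
    r"/(?P<method>[A-Za-z]+)(?:\?(?P<query>[^\s\"']*))?"
)

# Public IP-lookup services commonly used by stealers (assumed list; extend for your estate).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "checkip.amazonaws.com", "ip-api.com", "ifconfig.me",
}

# C2 as extracted in this report.
SAMPLE_C2 = ("https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg"
             "/sendMessage?chat_id=1639214896")

# Constructed proxy log lines: "<iso-timestamp> <client-ip> <method> <url>". Not real traffic.
PROXY_LOGS = [
    "2022-09-15T12:00:01Z 10.0.0.5 GET https://api.ipify.org/?format=text",
    "2022-09-15T12:00:03Z 10.0.0.5 POST " + SAMPLE_C2,
    "2022-09-15T12:00:05Z 10.0.0.7 GET https://www.example.com/index.html",
    # Hypothetical second bot (token is a placeholder) with no preceding IP lookup.
    "2022-09-15T12:30:00Z 10.0.0.9 POST https://api.telegram.org/"
    "bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendDocument",
]


@dataclass
class TelegramC2:
    bot_id: str
    method: str
    chat_id: Optional[str]
    token_fingerprint: str  # "<bot id>:<first 4 chars of secret>..." for safe sharing in tickets


def parse_telegram_c2(url: str) -> Optional[TelegramC2]:
    """Return the pivotable parts of a Telegram bot C2 URL, or None if it is not one."""
    m = TELEGRAM_BOT_URL.search(url)
    if not m:
        return None
    chat_id = None
    for kv in (m.group("query") or "").split("&"):
        key, _, value = kv.partition("=")
        if key == "chat_id" and value:
            chat_id = value
    return TelegramC2(
        bot_id=m.group("bot_id"),
        method=m.group("method"),
        chat_id=chat_id,
        token_fingerprint=f"{m.group('bot_id')}:{m.group('secret')[:4]}...",
    )


def detect_stealer_exfil(log_lines: List[str], window: timedelta = timedelta(minutes=10)) -> List[Dict]:
    """Flag Telegram bot API hits; note whether the client queried an IP-lookup service shortly before."""
    last_lookup: Dict[str, datetime] = {}
    hits: List[Dict] = []
    for line in log_lines:
        ts_text, client, _method, url = line.split(" ", 3)
        ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
        host = urlsplit(url).hostname or ""
        if host in IP_LOOKUP_HOSTS:
            last_lookup[client] = ts
            continue
        c2 = parse_telegram_c2(url)
        if c2 is None:
            continue
        preceded = client in last_lookup and (ts - last_lookup[client]) <= window
        hits.append({
            "client": client,
            "ts": ts_text,
            "bot_id": c2.bot_id,
            "chat_id": c2.chat_id,
            "method": c2.method,
            "token_fingerprint": c2.token_fingerprint,
            "preceded_by_ip_lookup": preceded,
        })
    return hits


if __name__ == "__main__":
    for hit in detect_stealer_exfil(PROXY_LOGS):
        print(hit)
```

Because the Bot API is served over TLS, the URL (and therefore the token and chat id) is only visible where traffic is decrypted, at an intercepting proxy or in endpoint telemetry; elsewhere the usable network IOC is `api.telegram.org` reached from hosts that have no business with Telegram. The token in the config is a live credential for that bot, so treat the bot id as the IOC to share and keep the full token out of alert text.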

MITRE ATT&CK Enterprise v6

Tasks