blustealer | 576fba66410ffbb712a8412d2469e68d4c6d4daa1f32604afa4c4d7ae51a2a63 | Triage

Submit
Reports

Overview

overview

Static

static

Hesaphareketi-01.exe

windows7-x64

Hesaphareketi-01.exe

windows10-2004-x64

Sharing

General

Target

Hesaphareketi-01.exe
Size

1.0MB
Sample

220915-pbgs3sgfhn
MD5

e0f76ab7cf0e4c248e0cd12fffa4d73a
SHA1

c7de7e46a575d18360f804a4116f80c5d946edeb
SHA256

576fba66410ffbb712a8412d2469e68d4c6d4daa1f32604afa4c4d7ae51a2a63
SHA512

e7f7fca2bb3cfc552ab70ae971c7d999a7941c4248d561717606ee8980361ffe7026948598c7e5c1a6bbd2e293eee26969c0100ddb4560ef5965654b4537693b
SSDEEP

24576:7x8HnjNU3f6bI1QTBj2HwPXeJLztpOsJ/zVcuV:7OHjNMf6c1UBUJPOsJ/zSe

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

Hesaphareketi-01.exe

Resource

win7-20220901-en

blustealer stormkitty collection stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Hesaphareketi-01.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5617443580:AAFX8iYrXMCASkw95O815OVGuLWLdSgh8Qo/sendMessage?chat_id=5334267822

Targets

- Target
  
  Hesaphareketi-01.exe
- Size
  
  1.0MB
- MD5
  
  e0f76ab7cf0e4c248e0cd12fffa4d73a
- SHA1
  
  c7de7e46a575d18360f804a4116f80c5d946edeb
- SHA256
  
  576fba66410ffbb712a8412d2469e68d4c6d4daa1f32604afa4c4d7ae51a2a63
- SHA512
  
  e7f7fca2bb3cfc552ab70ae971c7d999a7941c4248d561717606ee8980361ffe7026948598c7e5c1a6bbd2e293eee26969c0100ddb4560ef5965654b4537693b
- SSDEEP
  
  24576:7x8HnjNU3f6bI1QTBj2HwPXeJLztpOsJ/zVcuV:7OHjNMf6c1UBUJPOsJ/zSe
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionstealer

behavioral2

blustealerstormkittycollectionstealer

© 2018-2025

Terms | Privacy