blustealer | 62b221918e58a6ed42b227995a0ca2d92e47ace80da38e6954cf65ee9396272c | Triage

Submit
Reports

Overview

overview

Static

static

ORDEN DE S...RE.exe

windows7-x64

ORDEN DE S...RE.exe

windows10-2004-x64

Sharing

General

Target

ORDEN DE SEPTIEMBRE.bin.zip
Size

150KB
Sample

220916-ly1ypafcd6
MD5

24c42de8fa26e8ed0bc6584b79cd3683
SHA1

f254df505d66bcd9ce5e51afe36f6321c9446694
SHA256

62b221918e58a6ed42b227995a0ca2d92e47ace80da38e6954cf65ee9396272c
SHA512

ea4d53e9ecf4ae2e38357a38c7ac172223f3546736b4c40409f3b91e989d83003a7499bd6f978883c8d25448655599e1073df44c074a9a3da4a22f2b8deb90f3
SSDEEP

3072:LNe+SkrfCwyc0X89JLE8aqBUP32kqX2clcy0AwpyjzjDy3nlKxOvxo:o+SkrCDNX8zLE+tFSpcju3lYOvxo

Score

10^/10

blustealer stormkitty collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ORDEN DE SEPTIEMBRE.exe

Resource

win7-20220812-en

blustealer stormkitty collection spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ORDEN DE SEPTIEMBRE.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377

Targets

- Target
  
  ORDEN DE SEPTIEMBRE.bin
- Size
  
  784KB
- MD5
  
  470a87e0ba0977d5df9a7e9faeae6ab3
- SHA1
  
  b5d6b4605df995f204f9186086cf6b5632149c7f
- SHA256
  
  1123cbc345a98da038d82263722b95bc339ee76ed9cd21e45ffd01e9387ce6c9
- SHA512
  
  c5dd8a748b3fe8d27138f4d92f05688b68f94f9085c8d823599eeec7a2e0393683f01ce4e3332677cf0065964434a3e1774af40d3de3a46e150be6f6d2ca6820
- SSDEEP
  
  6144:kW+4XDBkyFhI8OZiLsyJ0If3+Nm3cxgU/ZVr2H6KihG:x+4lkyFhI8OZiIyJ1us3cxgU/ZZ2Pz
Score

10^/10

blustealer stormkitty collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionspywarestealer

behavioral2

blustealerstormkittycollectionspywarestealer

© 2018-2025

Terms | Privacy