General

  • Target: Ekstre_01.pdf.exe
  • Size: 916KB
  • Sample: 220917-g9g8hahcd3
  • MD5: c6422b30084f0068a6fd540dbda8cbcb
  • SHA1: 1fb25b337715fbb29fddc855db7abddd8083f298
  • SHA256: db8326300154e132bca39bb24e89949dbe41c9af90d9f10242dce3f9423ab094
  • SHA512: 2e4d09af79d7b83445a70d57e3ec450e1969440525d5de8323a279bfb3637c45775f9459f267bf938dcc4f1d6b30026b85a9d4b16e8c36f3d8e197c5e8031737
  • SSDEEP: 12288:a4wY3xGuC8aMnNAXh0mHotTm6VOs85iORdmFrVe9RpMxnsnYFofQU:a4wGGFti6StOtiOgVK62g6QU

Malware Config

Extracted

  • Family: blustealer
  • C2: https://api.telegram.org/bot5374342837:AAHF-c1HAIvNCdF89VuEdNggsL2YBlpgkSE/sendMessage?chat_id=2133303215

Targets

    • BluStealer: A modular information stealer written in Visual Basic.
    • StormKitty: An open-source information stealer written in C#.
    • StormKitty payload
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks