blustealer | 18ece9865b3675b8174634701d40f210a84bd9ea45f873805a3e76834010e1db | Triage

Submit
Reports

Overview

overview

Static

static

224-142-0x...ry.exe

windows7-x64

224-142-0x...ry.exe

windows10-2004-x64

Sharing

General

Target

224-142-0x0000000000400000-0x0000000000422000-memory.dmp
Size

136KB
Sample

220917-hew9lshcf2
MD5

6df013737da07944a035c54be0b8d277
SHA1

5243ec686afc79ef200386b5e6e4ac169db7eee5
SHA256

18ece9865b3675b8174634701d40f210a84bd9ea45f873805a3e76834010e1db
SHA512

9b19478b837aa665716f57d29469aad0adf9654b58a4712271c55cad6b804ca69d4ebeac3b575035c3695626cbfb5cd1f530c8d5ae7ec768f036e26b99e82a33
SSDEEP

1536:9/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioRtkJwhidcIbtTcY:ZZTkLfhjFSiO3orXiWId1

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

224-142-0x0000000000400000-0x0000000000422000-memory.exe

Resource

win7-20220901-en

stormkitty collection stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

224-142-0x0000000000400000-0x0000000000422000-memory.exe

Resource

win10v2004-20220812-en

stormkitty collection stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5374342837:AAHF-c1HAIvNCdF89VuEdNggsL2YBlpgkSE/sendMessage?chat_id=2133303215

Targets

- Target
  
  224-142-0x0000000000400000-0x0000000000422000-memory.dmp
- Size
  
  136KB
- MD5
  
  6df013737da07944a035c54be0b8d277
- SHA1
  
  5243ec686afc79ef200386b5e6e4ac169db7eee5
- SHA256
  
  18ece9865b3675b8174634701d40f210a84bd9ea45f873805a3e76834010e1db
- SHA512
  
  9b19478b837aa665716f57d29469aad0adf9654b58a4712271c55cad6b804ca69d4ebeac3b575035c3695626cbfb5cd1f530c8d5ae7ec768f036e26b99e82a33
- SSDEEP
  
  1536:9/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioRtkJwhidcIbtTcY:ZZTkLfhjFSiO3orXiWId1
Score

10^/10

stormkitty collection stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittycollectionstealer

behavioral2

stormkittycollectionstealer

© 2018-2025

Terms | Privacy