General

  • Target

    764-63-0x0000000000400000-0x0000000000424000-memory.dmp

  • Size

    144KB

  • Sample

    220920-f5nztaffbm

  • MD5

    257d7ac28402c7926a45d26a4011c8f3

  • SHA1

    da937ccc7b250c119c5d83333f942cf9e16d5e3b

  • SHA256

    b5fb29bbafca30ab9de1c27dc7256354e75c2dbf8dee4e5f821821f05fa490ae

  • SHA512

    22ad358b3f8d1d13cbb07e312d5edbd933e31c5acc66d25a920108ffafc237c021e35f266b0086d1cec4e31a5e9aec41db486d866d5220e120a8dbe35c2fdc9c

  • SSDEEP

    1536:YLW/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioBFo08HvUWPdoQwcOxiKDm:7ZTkLfhjFSiO3oLFo08HseyQwV

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5415235188:AAGqakDD6FZcw5LLX6hH5qVayV-1OGURlEo/sendMessage?chat_id=1372472614

The C2 is the Telegram Bot API rather than attacker-owned infrastructure: the URL path carries the bot token (numeric bot ID, colon, secret) and the query string names the destination chat_id, so exfiltration leaves the host as ordinary HTTPS to api.telegram.org. The token and chat ID are the IOCs that identify this operator even if the sample is repacked.
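
As an added example (not part of the sandbox report or of the malware family's own code), the script below turns the two artefacts above into something a responder can check mechanically: it parses the memory-dump name into PID and address range and confirms the 0x24000-byte region matches the reported 144KB, and it extracts bot ID, token and chat_id from Telegram Bot API exfiltration URLs found in free text or in proxy log lines. The dump-name layout (`<pid>-<n>-<start>-<end>-memory.dmp`) is assumed from the single name on this page, the proxy log lines are constructed, and only Telegram `send*` methods are treated as exfiltration.

```python
import re

# Inputs taken from the report above.
DUMP_NAME = "764-63-0x0000000000400000-0x0000000000424000-memory.dmp"
C2_URL = ("https://api.telegram.org/bot5415235188:AAGqakDD6FZcw5LLX6hH5qVayV-1OGURlEo"
          "/sendMessage?chat_id=1372472614")

# Assumed naming convention for sandbox memory dumps: <pid>-<n>-<start>-<end>-memory.dmp
DUMP_RE = re.compile(
    r"^(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)

# Telegram Bot API exfil URL: /bot<numeric id>:<secret>/send<Method>?...chat_id=<id>
# Only send* methods are matched; polling methods (getUpdates etc.) are out of scope here.
TG_C2_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)"
    r"/(?P<method>send[A-Za-z]+)"
    r"(?:\?[^\s]*?chat_id=(?P<chat_id>-?\d+))?"
)


def parse_dump_name(name):
    """Split a dump file name into PID, sequence number and address range,
    and compute the dumped region size so it can be checked against the
    'Size' field of the report."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "start": start,
        "end": end,
        "size_bytes": end - start,
        "size_kb": (end - start) // 1024,
    }


def find_telegram_c2(text):
    """Return every Telegram Bot API exfil URL in `text` as a dict of IOCs."""
    hits = []
    for m in TG_C2_RE.finditer(text):
        hits.append({
            "bot_id": int(m["bot_id"]),
            "token": f"{m['bot_id']}:{m['secret']}",   # full token, as used in the URL path
            "method": m["method"],
            "chat_id": int(m["chat_id"]) if m["chat_id"] else None,
        })
    return hits


def scan_lines(lines):
    """Run the extractor over log lines; returns (1-based line number, hit) pairs."""
    findings = []
    for no, line in enumerate(lines, 1):
        for hit in find_telegram_c2(line):
            findings.append((no, hit))
    return findings


# Constructed proxy log lines ('client method url process'); not from the report.
SAMPLE_PROXY_LOG = [
    "10.0.0.7 GET https://www.example.com/ msedge.exe",
    "10.0.0.7 POST " + C2_URL + " document.exe",
    "10.0.0.9 GET https://api.telegram.org/bot123456789:AAExampleExampleExample/getUpdates bot.exe",
]

if __name__ == "__main__":
    info = parse_dump_name(DUMP_NAME)
    print(f"PID {info['pid']}, region 0x{info['start']:x}-0x{info['end']:x}, {info['size_kb']}KB")
    for no, hit in scan_lines(SAMPLE_PROXY_LOG):
        print(f"line {no}: bot {hit['bot_id']} -> chat {hit['chat_id']} via {hit['method']}")
```

The region size check is a cheap sanity test when triaging many dumps: a dump whose computed size disagrees with the reported size was truncated or mis-labelled. For the Telegram pattern, matching on the host alone is useless on networks where Telegram is allowed; the `/bot<id>:<secret>/send*` path from a non-messaging process is the part worth alerting on, and the extracted token and chat_id are what you pivot on across samples.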

Targets

    • Target

      764-63-0x0000000000400000-0x0000000000424000-memory.dmp

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks