blustealer | 54c419e5d402c052ca814fa728a82fdb2cfd67788960112429ef2f4734e9c866 | Triage

Submit
Reports

Overview

overview

Static

static

doc 202209...01.exe

windows7-x64

doc 202209...01.exe

windows10-2004-x64

Sharing

General

Target

doc 202209200099010100101.exe
Size

775KB
Sample

220920-gzw9nsffhp
MD5

208ea4fa3dacf520513730003b3849ff
SHA1

218f95bb8e3e032c6b182197df35ee55579aba67
SHA256

54c419e5d402c052ca814fa728a82fdb2cfd67788960112429ef2f4734e9c866
SHA512

ea5070ce837bca364be4e6f42fae5cf2e831c6486abf74e90d1de9fcb6277bdf51fb3859dcf1f97745a9a3848097219835359e16a2cd953d48212b3cf666f0ea
SSDEEP

12288:Efhcgyb1Qj5eeJe194GwyU0ao1SS5GMT4h3mOvud94f2:EfPySj5eEgw9oIS5JeWqud94f2

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

doc 202209200099010100101.exe

Resource

win7-20220812-en

blustealer stormkitty collection stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

doc 202209200099010100101.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5617443580:AAFX8iYrXMCASkw95O815OVGuLWLdSgh8Qo/sendMessage?chat_id=5334267822

Targets

- Target
  
  doc 202209200099010100101.exe
- Size
  
  775KB
- MD5
  
  208ea4fa3dacf520513730003b3849ff
- SHA1
  
  218f95bb8e3e032c6b182197df35ee55579aba67
- SHA256
  
  54c419e5d402c052ca814fa728a82fdb2cfd67788960112429ef2f4734e9c866
- SHA512
  
  ea5070ce837bca364be4e6f42fae5cf2e831c6486abf74e90d1de9fcb6277bdf51fb3859dcf1f97745a9a3848097219835359e16a2cd953d48212b3cf666f0ea
- SSDEEP
  
  12288:Efhcgyb1Qj5eeJe194GwyU0ao1SS5GMT4h3mOvud94f2:EfPySj5eEgw9oIS5JeWqud94f2
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionstealer

behavioral2

blustealerstormkittycollectionstealer

© 2018-2025

Terms | Privacy