General

  • Target

    1992-63-0x0000000000400000-0x0000000000422000-memory.dmp

  • Size

    136KB

  • Sample

    220920-n1dbhsgebp

  • MD5

    076b2066e432c182f45f0df07108c29d

  • SHA1

    4f2b76ca097927a300ae678a2d560dbba5213286

  • SHA256

    cfa14ada14dc74ca0b94b46f0aab55627e4a7856ef2d958c76f75b9586067557

  • SHA512

    23ae152cb55042fcc7b0ffe36f498bb270ed03f8476fe2d1ea1399ddcf4a114de17dc8566ecaefeb7d794667b2e8b835c6b2b8ad777e4c84a96301ee3d0158e7

  • SSDEEP

    1536:9/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioRtkJwhidcIbtTc:ZZTkLfhjFSiO3orXiWId

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5374342837:AAHF-c1HAIvNCdF89VuEdNggsL2YBlpgkSE/sendMessage?chat_id=2133303215

Targets

    • Target

      1992-63-0x0000000000400000-0x0000000000422000-memory.dmp

    • StormKitty

      StormKitty is an open-source information stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks