General
-
Target
Comprobante+transferencia.xlxs.pdf(_67KB).img
-
Size
1.2MB
-
Sample
220922-jm45vsaeg2
-
MD5
79e511e1400420cc78df09173d8e52d1
-
SHA1
110422750df351e8c5ba4239320254bed4cb5818
-
SHA256
01ef2c89715afa5aa532c1a0a88e17d3c64a549ff2edf4ecca852eda40abdc32
-
SHA512
9d8944cb931de1bc3935062d5e1993a029d01e3fc8043be89b58786f8d426c3841f76e097fb2d80e403a5a0f970b8947cfe301b3acaf3b3c62b257a1a1b24dcf
-
SSDEEP
3072:4KFHC+bcA0wmv5GZopfShP5yEsuTSj6deVoL+Lb4bnrzoyKOH:5Ys0wmv5yotShP5ygej6deGrfd
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377
Targets
-
-
Target
COMPROBA.EXE
-
Size
172KB
-
MD5
65ae911b0aff53af557cd58a6c68be64
-
SHA1
59f789e3d42b06fa875abfd801dbb02425e7f1f7
-
SHA256
c35cd99a9bd4f1a8289d3bc98bf59a57ac7816ec16de668d37cf4ee747ab7c35
-
SHA512
ab715188fb6eb7730355945763e731087f53351f7662d24befe5ebe34373cadeb7481e9a96632b236401986bac917eda235325ac9729f44385f9455b6113d493
-
SSDEEP
3072:2KFHC+bcA0wmv5GZopfShP5yEsuTSj6deVoL+Lb4bnrzoyKOHm:jYs0wmv5yotShP5ygej6deGrfdG
Score10/10-
BluStealer
A Modular information stealer written in Visual Basic.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-