blustealer | c35cd99a9bd4f1a8289d3bc98bf59a57ac7816ec16de668d37cf4ee747ab7c35 | Triage

Submit
Reports

Overview

overview

Static

static

Comprobant...df.exe

windows7-x64

Comprobant...df.exe

windows10-2004-x64

Sharing

General

Target

Comprobante transferencia.xlxs.pdf.exe
Size

172KB
Sample

220923-f5eq5sdcb2
MD5

65ae911b0aff53af557cd58a6c68be64
SHA1

59f789e3d42b06fa875abfd801dbb02425e7f1f7
SHA256

c35cd99a9bd4f1a8289d3bc98bf59a57ac7816ec16de668d37cf4ee747ab7c35
SHA512

ab715188fb6eb7730355945763e731087f53351f7662d24befe5ebe34373cadeb7481e9a96632b236401986bac917eda235325ac9729f44385f9455b6113d493
SSDEEP

3072:2KFHC+bcA0wmv5GZopfShP5yEsuTSj6deVoL+Lb4bnrzoyKOHm:jYs0wmv5yotShP5ygej6deGrfdG

Score

10^/10

blustealer stormkitty collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Comprobante transferencia.xlxs.pdf.exe

Resource

win7-20220812-en

blustealer stormkitty collection spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Comprobante transferencia.xlxs.pdf.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377

Targets

- Target
  
  Comprobante transferencia.xlxs.pdf.exe
- Size
  
  172KB
- MD5
  
  65ae911b0aff53af557cd58a6c68be64
- SHA1
  
  59f789e3d42b06fa875abfd801dbb02425e7f1f7
- SHA256
  
  c35cd99a9bd4f1a8289d3bc98bf59a57ac7816ec16de668d37cf4ee747ab7c35
- SHA512
  
  ab715188fb6eb7730355945763e731087f53351f7662d24befe5ebe34373cadeb7481e9a96632b236401986bac917eda235325ac9729f44385f9455b6113d493
- SSDEEP
  
  3072:2KFHC+bcA0wmv5GZopfShP5yEsuTSj6deVoL+Lb4bnrzoyKOHm:jYs0wmv5yotShP5ygej6deGrfdG
Score

10^/10

blustealer stormkitty collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionspywarestealer

behavioral2

blustealerstormkittycollectionspywarestealer

© 2018-2025

Terms | Privacy