blustealer | 00bcf28771526c2f876a4135520a4eb5a373f6671ea6c94eea36ce2cccbc8e43 | Triage

Submit
Reports

Overview

overview

Static

static

_220926_.EXE.exe

windows7-x64

_220926_.EXE.exe

windows10-2004-x64

Sharing

General

Target

_220926_.EXE.exe
Size

204KB
Sample

220926-kgfqraaba9
MD5

1a6cd2ff652a3c9c909682a62fa6e25a
SHA1

54a16855a8a48f4f847a0a8ca66a2f26b333b2cd
SHA256

00bcf28771526c2f876a4135520a4eb5a373f6671ea6c94eea36ce2cccbc8e43
SHA512

316d788ef92ee882d39dce5f8a61b34c783b61466b6f1682f1fcf055bdc2c290990abd1a93cdf9774616d32968e23acd8dfb609d6a4b8880110a8ef4f1298385
SSDEEP

3072:8I42jI06VSyw9rPdTlYpw3BC/3MYxLXVnSCLr/nEayyGq:8z7yywlPdhYqxm3H5SC

Score

10^/10

blustealer stormkitty collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

_220926_.EXE.exe

Resource

win7-20220812-en

blustealer stormkitty collection spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

_220926_.EXE.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5641602090:AAFgkXeQEDF1Zq8nmUMQJA2TjfP0wsTJyeM/sendMessage?chat_id=1755939698

Targets

- Target
  
  _220926_.EXE.exe
- Size
  
  204KB
- MD5
  
  1a6cd2ff652a3c9c909682a62fa6e25a
- SHA1
  
  54a16855a8a48f4f847a0a8ca66a2f26b333b2cd
- SHA256
  
  00bcf28771526c2f876a4135520a4eb5a373f6671ea6c94eea36ce2cccbc8e43
- SHA512
  
  316d788ef92ee882d39dce5f8a61b34c783b61466b6f1682f1fcf055bdc2c290990abd1a93cdf9774616d32968e23acd8dfb609d6a4b8880110a8ef4f1298385
- SSDEEP
  
  3072:8I42jI06VSyw9rPdTlYpw3BC/3MYxLXVnSCLr/nEayyGq:8z7yywlPdhYqxm3H5SC
Score

10^/10

blustealer stormkitty collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionspywarestealer

behavioral2

blustealerstormkittycollectionspywarestealer

© 2018-2025

Terms | Privacy