General

  • Target

    Account Statement.tar.001

  • Size

    647KB

  • Sample

    220926-w9c14sbfg4

  • MD5

    1af44f7773630f0bdfcd0e7e0ce321d6

  • SHA1

    7c18ac8c7c40da562957642f868da1485e45926f

  • SHA256

    e40b17b159807788ed27af5e7aae1bf4cf2d1468ff332ba51025c0c05155b44d

  • SHA512

    e1f092e69b5f776b5c052a7e923cbea84e2ff730a47c520b48e7ae6acdc81b4346476f936ceac3afb66a782b6fdbf63399bef2d9ef0893c347be8ada11c19ac7

  • SSDEEP

    12288:czE+JC2iNEF75euLUr1FvIXKHWcRmykYMX5b99fcruJfiRQ9Es/:oC16Z5fY1F2eWc2Vb4yJqRQ

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5509348036:AAGh2wLRoXYFDYseiCQ6lJ_YRNqlLZ6lBgg/sendMessage?chat_id=1505845388

Targets

    • Target

      Account Statement.exe

    • Size

      646KB

    • MD5

      af38ca383a825e106a87a4f40ac58cc3

    • SHA1

      d4b96710edec425287ad941d72a1bb4408f5db3c

    • SHA256

      d5b8a3cbf08b85a30f8d1f1a5af377dbe76b7aaf26f4cecbd9d731385b262e7f

    • SHA512

      ccaf3d5af0e67ae4d27e7bcc067e825bb015a2202f08356f6a552eb1f3338845507e95892bce12f20df6c3cbaf471770a039a863c1eb5dca96cb44f414aee81b

    • SSDEEP

      12288:8zE+JC2iNEF75euLUr1FvIXKHWcRmykYMX5b99fcruJfiRQ9Es/:IC16Z5fY1F2eWc2Vb4yJqRQ

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks