Overview

overview

10

Static

static

ORDEN DE S...RE.exe

windows7-x64

10

ORDEN DE S...RE.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ORDEN DE SEPTIEMBRE.exe

  • Size

    784KB

  • Sample

    220928-fhy69sgbgk

  • MD5

    470a87e0ba0977d5df9a7e9faeae6ab3

  • SHA1

    b5d6b4605df995f204f9186086cf6b5632149c7f

  • SHA256

    1123cbc345a98da038d82263722b95bc339ee76ed9cd21e45ffd01e9387ce6c9

  • SHA512

    c5dd8a748b3fe8d27138f4d92f05688b68f94f9085c8d823599eeec7a2e0393683f01ce4e3332677cf0065964434a3e1774af40d3de3a46e150be6f6d2ca6820

  • SSDEEP

    6144:kW+4XDBkyFhI8OZiLsyJ0If3+Nm3cxgU/ZVr2H6KihG:x+4lkyFhI8OZiIyJ1us3cxgU/ZZ2Pz

Score
10/10
blustealerstormkittycollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377

Targets

    • Target

      ORDEN DE SEPTIEMBRE.exe

    • Size

      784KB

    • MD5

      470a87e0ba0977d5df9a7e9faeae6ab3

    • SHA1

      b5d6b4605df995f204f9186086cf6b5632149c7f

    • SHA256

      1123cbc345a98da038d82263722b95bc339ee76ed9cd21e45ffd01e9387ce6c9

    • SHA512

      c5dd8a748b3fe8d27138f4d92f05688b68f94f9085c8d823599eeec7a2e0393683f01ce4e3332677cf0065964434a3e1774af40d3de3a46e150be6f6d2ca6820

    • SSDEEP

      6144:kW+4XDBkyFhI8OZiLsyJ0If3+Nm3cxgU/ZVr2H6KihG:x+4lkyFhI8OZiIyJ1us3cxgU/ZZ2Pz

    Score
    10/10
    blustealerstormkittycollectionspywarestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks