General

  • Target: 6f44e7e5fd973604251e9c647c71ea7a
  • Size: 938KB
  • Sample: 220929-w8lxmacfej
  • MD5: 6f44e7e5fd973604251e9c647c71ea7a
  • SHA1: ea06eaddef1dc91c3502ab0be97d20ae4694cb5c
  • SHA256: 7bfd94c6a0e133169f20bb3b3af5f796ebafa5906ccfc979ab96650db2e74cf9
  • SHA512: 8fd25c409bf6f1c66f6683a50076dcdf01f79d9f76a5ba567813ea7dee1083e1de12f2b7d8e6e1c0bc182d961a5becddb0cea539c36112d07ad87e7f21b63953
  • SSDEEP: 24576:anoqWbBmO5hHQKFL8VwV9WHjPzDsZNImTg+pYg2iK:aO5Z1FzOjPcVpE

Malware Config

Extracted

  • Family: blustealer
  • C2: https://api.telegram.org/bot5576673774:AAF__hFRh9bcJV72HkFb-9eZR9JNNyuOmFM/sendMessage?chat_id=1194722650

Targets

    • Target: AWB & INVOICE .exe
    • Size: 889KB
    • MD5: 28a94cb3b9e0a31a27723a26177feea2
    • SHA1: 7bd0284388e520c7301bea934512a64f4dfa385f
    • SHA256: 3f3c75c07a47bb321f1c5bee8d7ab195c9e6384cf70eda9d60dcb3472b7445d2
    • SHA512: 3eb29ac71f39c2915c84316a4b0aa847975b0f07a424d294a1eabcc422fd10e3338bca5d7f46b3c7af40097192dede6b4024674c7977b4a84dc9f6463cd1b8e7
    • SSDEEP: 12288:vpMmvzBGPrCzrJx0UO0kXEEJW1AiwQgg0G+sY3yusXP9K0FcflOBRyxjMlxXOD6x:vpnz4DCBaU8EEs1AFI0KW6B+CP

    • BluStealer: A modular information stealer written in Visual Basic.
    • StormKitty: An open-source info stealer written in C#.
    • StormKitty payload
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks