General
-
Target
swift.img_20220930_011_001.exe
-
Size
744KB
-
Sample
221002-nvkhmsfaaq
-
MD5
c97c519b7b00a60d9dd9f8ced68c5c2b
-
SHA1
9bbd320ae5901ba787cb5ecef1d71bef332d3e66
-
SHA256
25c4ee0823873ad0e9fed128dcfb45ebb821fe7a17c396026b8d8be1c2400557
-
SHA512
b79135c8e231c89552e74002b2a3d8a0e3a247fc9607dbc7c2d4146fb6f6b3c3ddda2c5132bc41462e67bebf0d3c37dba6133b962831359e301ee3db44bc83a9
-
SSDEEP
12288:nu2iNq4nBuC43I3mQxtri2ti2NYl8so/PaSsiMWQunh3:u1lQ342QfrzYlsbFEa
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5732817033:AAFBYIIZmJ7NuvVwD7WRcbV9qwcOqT7RpwM/sendMessage?chat_id=1638137774
Targets
-
-
Target
swift.img_20220930_011_001.exe
-
Size
744KB
-
MD5
c97c519b7b00a60d9dd9f8ced68c5c2b
-
SHA1
9bbd320ae5901ba787cb5ecef1d71bef332d3e66
-
SHA256
25c4ee0823873ad0e9fed128dcfb45ebb821fe7a17c396026b8d8be1c2400557
-
SHA512
b79135c8e231c89552e74002b2a3d8a0e3a247fc9607dbc7c2d4146fb6f6b3c3ddda2c5132bc41462e67bebf0d3c37dba6133b962831359e301ee3db44bc83a9
-
SSDEEP
12288:nu2iNq4nBuC43I3mQxtri2ti2NYl8so/PaSsiMWQunh3:u1lQ342QfrzYlsbFEa
Score10/10-
BluStealer
A Modular information stealer written in Visual Basic.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-