General
-
Target
41570002689_20221001_05352297_HesapOzeti.exe
-
Size
1.1MB
-
Sample
221003-kd5wgagfdl
-
MD5
6a58925feb3fe5477f8c44595d2c36cd
-
SHA1
1b9565b62bee0d29a4f21eb617a88e9682e09862
-
SHA256
19b0d58c3611ccc99f681997248a835ac4a49572a50278f4f7c732237183db6a
-
SHA512
fd83cb7cc2e9234f46f7b355a9ff66d26354adf1ba520d51ea3c95cf88ad6e618927d5c04ffa4248d887ad534d24b56a1485eeb6fbb40f603737012ff5898cde
-
SSDEEP
12288:o/r9+ljmhNLbDYmcIZQWDA9aHZVIAodG21+sq+AJkZnfYHVKyGr3CQK4HTN2i8E6:EsljMLbDYquFY0o+A2ZwhGraJ
Static task
static1
Behavioral task
behavioral1
Sample
41570002689_20221001_05352297_HesapOzeti.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
41570002689_20221001_05352297_HesapOzeti.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5412597166:AAGUaWxuTxxhNb-NRhiURcTMzuW9nhGoEs/sendMessage?chat_id=932962718
Targets
-
-
Target
41570002689_20221001_05352297_HesapOzeti.exe
-
Size
1.1MB
-
MD5
6a58925feb3fe5477f8c44595d2c36cd
-
SHA1
1b9565b62bee0d29a4f21eb617a88e9682e09862
-
SHA256
19b0d58c3611ccc99f681997248a835ac4a49572a50278f4f7c732237183db6a
-
SHA512
fd83cb7cc2e9234f46f7b355a9ff66d26354adf1ba520d51ea3c95cf88ad6e618927d5c04ffa4248d887ad534d24b56a1485eeb6fbb40f603737012ff5898cde
-
SSDEEP
12288:o/r9+ljmhNLbDYmcIZQWDA9aHZVIAodG21+sq+AJkZnfYHVKyGr3CQK4HTN2i8E6:EsljMLbDYquFY0o+A2ZwhGraJ
Score10/10-
StormKitty payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-