blustealer | 077c6dc697fe099f49f24e345aa6dff6ede9be899e28906f856111b5ce364b14 | Triage

Submit
Reports

Overview

overview

Static

static

150 adet i...�i.exe

windows7-x64

150 adet i...�i.exe

windows10-2004-x64

Sharing

General

Target

150 adet iKMiB-İstanbul siparişi.exe
Size

816KB
Sample

221005-mfdacaeae6
MD5

199618b5fb4cce3992ee9c29885e8207
SHA1

3360fbe47c82290b6dca52895e6b7ecb456e74bc
SHA256

077c6dc697fe099f49f24e345aa6dff6ede9be899e28906f856111b5ce364b14
SHA512

5e6c9a42302d232aed6787bc6dba1c1d1c3919c004e3cc3072696caca10b39a03f79dd1dd9526caaf10a2996ea66111254efe4e0800f573e74019ce5adbe48e5
SSDEEP

24576:qK3rbKyIHJaK2QP/Do01q+h+i05rYDgaCuGxN:x3rbKjEGPZqi+rCgaCuK

Score

10^/10

blustealer stormkitty collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

150 adet iKMiB-İstanbul siparişi.exe

Resource

win7-20220812-en

blustealer stormkitty collection spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

150 adet iKMiB-İstanbul siparişi.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5567605125:AAF5a-eiGBTc0sQavelBpgmYIQTDu4ndQ8/sendMessage?chat_id=5442288318

Targets

- Target
  
  150 adet iKMiB-İstanbul siparişi.exe
- Size
  
  816KB
- MD5
  
  199618b5fb4cce3992ee9c29885e8207
- SHA1
  
  3360fbe47c82290b6dca52895e6b7ecb456e74bc
- SHA256
  
  077c6dc697fe099f49f24e345aa6dff6ede9be899e28906f856111b5ce364b14
- SHA512
  
  5e6c9a42302d232aed6787bc6dba1c1d1c3919c004e3cc3072696caca10b39a03f79dd1dd9526caaf10a2996ea66111254efe4e0800f573e74019ce5adbe48e5
- SSDEEP
  
  24576:qK3rbKyIHJaK2QP/Do01q+h+i05rYDgaCuGxN:x3rbKjEGPZqi+rCgaCuK
Score

10^/10

blustealer stormkitty collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionspywarestealer

behavioral2

blustealerstormkittycollectionspywarestealer

© 2018-2025

Terms | Privacy