blustealer | 5496c892434815b96f2e87625ea81ee5fd67af10a3416f84d1cf74da03d23b02 | Triage

Submit
Reports

Overview

overview

Static

static

41570002...ti.exe

windows7-x64

41570002...ti.exe

windows10-2004-x64

Sharing

General

Target

41570002689_20221003_05352297_HesapOzeti.exe
Size

986KB
Sample

221005-mfyahseae8
MD5

105955bc97408324ae104395d1f027bf
SHA1

a9b8d839c3f4d2c4cd20831127ae1d5b02ff8664
SHA256

5496c892434815b96f2e87625ea81ee5fd67af10a3416f84d1cf74da03d23b02
SHA512

2ad552ad8272aea0161d0a212925e9fc9cbbb690cfb701bb332525cf1150c92344c355a2dc7fab9931338e5110295f31f520cdbf57ec390e24f4aec50be14d37
SSDEEP

12288:FnJSxRRBR7yXKBs8ypLpeYqktgNeBwyPX2c00QEhWT5MWwtr4veUCyK+zWkv:zwWXKBs5dQYqktE87/2cVQLFwR4veU

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

41570002689_20221003_05352297_HesapOzeti.exe

Resource

win7-20220901-en

blustealer stormkitty collection stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

41570002689_20221003_05352297_HesapOzeti.exe

Resource

win10v2004-20220901-en

blustealer stormkitty collection stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5412597166:AAGUaWxuTxxhNb-NRhiURcTMzuW9nhGoEs/sendMessage?chat_id=932962718

Targets

- Target
  
  41570002689_20221003_05352297_HesapOzeti.exe
- Size
  
  986KB
- MD5
  
  105955bc97408324ae104395d1f027bf
- SHA1
  
  a9b8d839c3f4d2c4cd20831127ae1d5b02ff8664
- SHA256
  
  5496c892434815b96f2e87625ea81ee5fd67af10a3416f84d1cf74da03d23b02
- SHA512
  
  2ad552ad8272aea0161d0a212925e9fc9cbbb690cfb701bb332525cf1150c92344c355a2dc7fab9931338e5110295f31f520cdbf57ec390e24f4aec50be14d37
- SSDEEP
  
  12288:FnJSxRRBR7yXKBs8ypLpeYqktgNeBwyPX2c00QEhWT5MWwtr4veUCyK+zWkv:zwWXKBs5dQYqktE87/2cVQLFwR4veU
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionstealer

behavioral2

blustealerstormkittycollectionstealer

© 2018-2024

Terms | Privacy