blustealer | 1488d2bb17e28439602d2b7e015761b040a36cc2951f01ec2afd6a9cb4e788e7 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...39.exe

windows7-x64

SecuriteIn...39.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.22405.29639.exe
Size

317KB
Sample

221006-j8fdmaghhq
MD5

01525569bc9b96eaa3d400c27fc48e65
SHA1

89ee100955aa324c06adfdae26eed42774229c37
SHA256

1488d2bb17e28439602d2b7e015761b040a36cc2951f01ec2afd6a9cb4e788e7
SHA512

b3f2764b612fa4dacde63eea186cb5490b437ff098f5dca61ff9b3cc93f09d74d6d2991030777a80b1c177c6fe6f24f4600ed7d39c42e5f3916480ecbf94906d
SSDEEP

3072:pFbx2IW7tu1b5x/QC4czk575dVXJNEPtXYh9985AqaWZtrmOm71hEbaFSkjiRrPh:pX6tuZvxwEBO9e5AqZxa+

Score

10^/10

blustealer stormkitty collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.PWSX-gen.22405.29639.exe

Resource

win7-20220901-en

blustealer stormkitty collection spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.PWSX-gen.22405.29639.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5567605125:AAF5a-eiGBTc0sQavelBpgmYIQTDu4ndQ8/sendMessage?chat_id=5442288318

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.22405.29639.exe
- Size
  
  317KB
- MD5
  
  01525569bc9b96eaa3d400c27fc48e65
- SHA1
  
  89ee100955aa324c06adfdae26eed42774229c37
- SHA256
  
  1488d2bb17e28439602d2b7e015761b040a36cc2951f01ec2afd6a9cb4e788e7
- SHA512
  
  b3f2764b612fa4dacde63eea186cb5490b437ff098f5dca61ff9b3cc93f09d74d6d2991030777a80b1c177c6fe6f24f4600ed7d39c42e5f3916480ecbf94906d
- SSDEEP
  
  3072:pFbx2IW7tu1b5x/QC4czk575dVXJNEPtXYh9985AqaWZtrmOm71hEbaFSkjiRrPh:pX6tuZvxwEBO9e5AqZxa+
Score

10^/10

blustealer stormkitty collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionspywarestealer

behavioral2

blustealerstormkittycollectionspywarestealer

© 2018-2024

Terms | Privacy