blustealer | 7dbd595dd8e5d4dda3c0127e8779342c42432e27ff37ac482fca8e0c8aef32a8 | Triage

Submit
Reports

Overview

overview

Static

static

Halkbank_E...df.exe

windows7-x64

Halkbank_E...df.exe

windows10-2004-x64

Sharing

General

Target

Halkbank_Ekstre_003_170635_650186.pdf.exe
Size

884KB
Sample

221006-q83bqahee8
MD5

a7b72a295326ac2c29592434237f445c
SHA1

bcd8ffed67e7276a1799f0eba8af373cfaf39d5e
SHA256

7dbd595dd8e5d4dda3c0127e8779342c42432e27ff37ac482fca8e0c8aef32a8
SHA512

b06780ed1ceb88db634eb7b64db7e448fccb36f3e94bc35dff877c4d1db4692cc3e2fbad2b0be8f1e3c882d03b58d4363f770492bb24b1833823ad9961d64597
SSDEEP

12288:X27t+T/R/4ve4mPyLyIS8mmKVki7vkZxB6hCHevhphU:Jt4ve4mPy+IKBVk+k7B6M+JphU

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

Halkbank_Ekstre_003_170635_650186.pdf.exe

Resource

win7-20220812-en

blustealer stormkitty collection stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

Halkbank_Ekstre_003_170635_650186.pdf.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896

Targets

- Target
  
  Halkbank_Ekstre_003_170635_650186.pdf.exe
- Size
  
  884KB
- MD5
  
  a7b72a295326ac2c29592434237f445c
- SHA1
  
  bcd8ffed67e7276a1799f0eba8af373cfaf39d5e
- SHA256
  
  7dbd595dd8e5d4dda3c0127e8779342c42432e27ff37ac482fca8e0c8aef32a8
- SHA512
  
  b06780ed1ceb88db634eb7b64db7e448fccb36f3e94bc35dff877c4d1db4692cc3e2fbad2b0be8f1e3c882d03b58d4363f770492bb24b1833823ad9961d64597
- SSDEEP
  
  12288:X27t+T/R/4ve4mPyLyIS8mmKVki7vkZxB6hCHevhphU:Jt4ve4mPy+IKBVk+k7B6M+JphU
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionstealer

behavioral2

blustealerstormkittycollectionstealer

© 2018-2025

Terms | Privacy