General

Target: 4e8f429a3e630862a76b4c0f4d6f9b9eaf8215c8b573e40679083846b2d6da8d.exe
Size: 998KB
Sample: 221007-nrpm7acear
MD5: e83f92ef8261d6e469fe416c8f23f4b8
SHA1: c5c159ea8157360863d299797fdc78d8f8486c01
SHA256: 4e8f429a3e630862a76b4c0f4d6f9b9eaf8215c8b573e40679083846b2d6da8d
SHA512: d531fba229b6e823db0d512f3991ddc47a4455acf2830a8f6199ace31fee4339367ec4bedeae56e0a637ac20d87e2a6767c0d7c8f2387143c37b3adc194dcb8f
SSDEEP: 24576:e53tFSITOdDiWFyLLVA0Tkxyolo+kWhiYd+IokC21hc:ctYITOpiWFyS0QxpDk1YzRhc
Static task: static1

Behavioral task: behavioral1
Sample: 4e8f429a3e630862a76b4c0f4d6f9b9eaf8215c8b573e40679083846b2d6da8d.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 4e8f429a3e630862a76b4c0f4d6f9b9eaf8215c8b573e40679083846b2d6da8d.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted: blustealer
https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896
Targets

Target: 4e8f429a3e630862a76b4c0f4d6f9b9eaf8215c8b573e40679083846b2d6da8d.exe
Score: 10/10

- StormKitty payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext