blustealer | ab20abd2eaaab9922983e4abfcec5891f15b6d5d798e742476a933ef31d9263d | Triage

Submit
Reports

Overview

overview

Static

static

4592-147-0...ry.exe

windows7-x64

4592-147-0...ry.exe

windows10-2004-x64

Sharing

General

Target

4592-147-0x0000000000400000-0x0000000000422000-memory.dmp
Size

136KB
Sample

221008-1jl9bafhcq
MD5

c8305980d0258f9b45530a542a416c14
SHA1

64e0bb8ade5c4acf5318b9a2ec73a51e2bd95fd3
SHA256

ab20abd2eaaab9922983e4abfcec5891f15b6d5d798e742476a933ef31d9263d
SHA512

72c29a1d8e26f4e6d38f34c1c9716b308cb7a709a45f4d506da61921615a997a81c3098044413a11610a23ad8543abca2cf58f934286969443a5538f18f218bd
SSDEEP

1536:v7/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioLk2xzJo+e6yoi:TZTkLfhjFSiO3ohk2le6Q

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4592-147-0x0000000000400000-0x0000000000422000-memory.exe

Resource

win7-20220812-en

stormkitty collection stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

4592-147-0x0000000000400000-0x0000000000422000-memory.exe

Resource

win10v2004-20220901-en

stormkitty collection stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5472661190:AAH0_Es3-7EvHKo3diARLmBSPyMQ64sYLC8/sendMessage?chat_id=1148000519

Targets

- Target
  
  4592-147-0x0000000000400000-0x0000000000422000-memory.dmp
- Size
  
  136KB
- MD5
  
  c8305980d0258f9b45530a542a416c14
- SHA1
  
  64e0bb8ade5c4acf5318b9a2ec73a51e2bd95fd3
- SHA256
  
  ab20abd2eaaab9922983e4abfcec5891f15b6d5d798e742476a933ef31d9263d
- SHA512
  
  72c29a1d8e26f4e6d38f34c1c9716b308cb7a709a45f4d506da61921615a997a81c3098044413a11610a23ad8543abca2cf58f934286969443a5538f18f218bd
- SSDEEP
  
  1536:v7/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioLk2xzJo+e6yoi:TZTkLfhjFSiO3ohk2le6Q
Score

10^/10

stormkitty collection stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittycollectionstealer

behavioral2

stormkittycollectionstealer

© 2018-2025

Terms | Privacy