General
- Target: af79a9b723c54624d8dea2731d129d5fd69c30a77e8244d6b7964f414224ce3f
- Size: 714KB
- Sample: 221010-m7ebqabef4
- MD5: 78f6fb28169a919b41474529ec8a59bc
- SHA1: f34f60fe15ef696a0e666d9a32157e695aa334a3
- SHA256: af79a9b723c54624d8dea2731d129d5fd69c30a77e8244d6b7964f414224ce3f
- SHA512: 333aef1e84ccbdc32c4e1016663516c2932be0e5e7f8d4299a5111236f4f8f5ff942686088531b45d0942c0136a71538d39932063844d60ee075a9411080f7d5
- SSDEEP: 12288:rKa+70n6pT/3Eb47XK6hTBr1pUviaB5jM24QE/+Fz:f+7ZTvEs2ql5AXHjz4Uz
Static task: static1
Behavioral task: behavioral1
- Sample: af79a9b723c54624d8dea2731d129d5fd69c30a77e8244d6b7964f414224ce3f.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: af79a9b723c54624d8dea2731d129d5fd69c30a77e8244d6b7964f414224ce3f.exe
- Resource: win10v2004-20220812-en
Malware Config (extracted)
- Family: blustealer
- C2: https://api.telegram.org/bot5732817033:AAFBYIIZmJ7NuvVwD7WRcbV9qwcOqT7RpwM/sendMessage?chat_id=1638137774
Targets
- Target: af79a9b723c54624d8dea2731d129d5fd69c30a77e8244d6b7964f414224ce3f
Score: 10/10
- StormKitty payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext