General
Target: 9980dfcbb40e06f805dc8ad0d33d5ba063bf914e54f15f3b42d16aa494eafc45.exe
Size: 780KB
Sample: 221010-nsv7csbfd7
MD5: a4d36cd35902d578b47f4df2fc122f89
SHA1: 2786e84c4f4a32a2113061c4798109f78e36f001
SHA256: 9980dfcbb40e06f805dc8ad0d33d5ba063bf914e54f15f3b42d16aa494eafc45
SHA512: 76fd3ed7609deb143e4c490bb40defc5473d9e164cda1bc9e2d3b58ecbb9b9d7cad52696503e3ef7d17a13797eedd734d6e8f1c9dbe8ccb0da1183d2426921da
SSDEEP: 12288:i/8LhfMZtCa6VjHv06y62IfpsrQxq6naK9A4Sp:TlTfp2IsAlna2Sp
Static task: static1
Behavioral task: behavioral1
Sample: 9980dfcbb40e06f805dc8ad0d33d5ba063bf914e54f15f3b42d16aa494eafc45.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 9980dfcbb40e06f805dc8ad0d33d5ba063bf914e54f15f3b42d16aa494eafc45.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: blustealer
C2: https://api.telegram.org/bot5412597166:AAGUaWxuTxxhNb-NRhiURcTMzuW9nhGoEs/sendMessage?chat_id=932962718
Targets
Target: 9980dfcbb40e06f805dc8ad0d33d5ba063bf914e54f15f3b42d16aa494eafc45.exe (hashes as listed under General above)
Score: 10/10
Signatures:
- StormKitty payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext