General
Target: 4a4ce6ec040bc9218e968e392a46a9e19380bf8be1bc7f989715e2d53770c77f
Size: 871KB
Sample: 221012-sxjfkshdf8
MD5: 48ed3a5b89df4c83f43c231d190c4726
SHA1: 7acba69249c5081577c60d5e05c5b96ffc3bf1de
SHA256: 4a4ce6ec040bc9218e968e392a46a9e19380bf8be1bc7f989715e2d53770c77f
SHA512: d1a89fa9fdbe13912a45a69084bd14a3ad593106b061e55c872d7985407e118da33741db81de4565b99d613db139bf3cd32c33ed015a73bf82582ed0d8cddc38
SSDEEP: 6144:1Rlbcr0FdRmvct7YOjTZGN6O46h5iIWROT+e1L1ludK0INglez2YNnIkta8mhiKS:d3pz05iveBludK0EhNIkQ900pw3bK
Static task: static1
Behavioral task: behavioral1
  Sample: 4a4ce6ec040bc9218e968e392a46a9e19380bf8be1bc7f989715e2d53770c77f.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 4a4ce6ec040bc9218e968e392a46a9e19380bf8be1bc7f989715e2d53770c77f.exe
  Resource: win10v2004-20220812-en

Malware Config
Extracted: blustealer
https://api.telegram.org/bot5617443580:AAFX8iYrXMCASkw95O815OVGuLWLdSgh8Qo/sendMessage?chat_id=5334267822
Targets
Score: 10/10
- StormKitty payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext