General
-
Target
1bc75cf24c2ab70e4cd6c98ffe69eaeae47e9bd90b9e0f5a2bf97bff553f85cb
-
Size
136KB
-
Sample
221012-tdd77aacf6
-
MD5
66b734e0d570c5cb3719c2ae3799fb9f
-
SHA1
eb57c70683f468b24f1ad22fa11738cbf59b76d9
-
SHA256
1bc75cf24c2ab70e4cd6c98ffe69eaeae47e9bd90b9e0f5a2bf97bff553f85cb
-
SHA512
6f6b00bf580ba92ce2b6c160cdaf1067d8c1c3adf895baf52b4c6ab6647409653f2680d624dc738a67f10b8a4cf9799fb63f91872171e9f2de23010470c46242
-
SSDEEP
1536:t/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViokHdJQwFrXjm3C:JZTkLfhjFSiO3o6/FHIC
Behavioral task
behavioral1
Sample
1bc75cf24c2ab70e4cd6c98ffe69eaeae47e9bd90b9e0f5a2bf97bff553f85cb.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1bc75cf24c2ab70e4cd6c98ffe69eaeae47e9bd90b9e0f5a2bf97bff553f85cb.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896
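The extracted C2 is a Telegram Bot API URL: the `bot<id>:<secret>` path segment is the bot token (the actor's credential for that bot) and `chat_id` is the chat that receives the stolen data. The script below is an added example, not part of the sandbox report or of the malware, that breaks such a URL into IOC fields, produces a token form safe to share, and hunts for the same pattern in proxy logs. The log format and the log lines are constructed for illustration; only the C2 URL itself comes from the report.

```python
"""Turn a Telegram Bot API exfiltration URL into IOCs and hunt for it in proxy logs.

Added example for this report; the log format and the log lines below are
constructed for illustration and are not from the sandbox run.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# C2 URL as extracted from the sample's config (taken from the report above).
EXTRACTED_C2 = (
    "https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg"
    "/sendMessage?chat_id=1639214896"
)

# Bot API shape: https://api.telegram.org/bot<numeric bot id>:<secret>/<method>
# The <bot id>:<secret> pair is the bot token, i.e. the actor's credential.
TELEGRAM_BOT_URL_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>\w+)"
)


@dataclass(frozen=True)
class TelegramExfilIOC:
    bot_id: str
    secret: str
    method: str             # Bot API method, e.g. sendMessage or sendDocument
    chat_id: Optional[str]  # receiving chat; None if the URL carries no chat_id


def parse_telegram_c2(url: str) -> Optional[TelegramExfilIOC]:
    """Return the IOC fields of a Telegram Bot API URL, or None if it is not one."""
    m = TELEGRAM_BOT_URL_RE.match(url)
    if m is None:
        return None
    chat_id = parse_qs(urlsplit(url).query).get("chat_id", [None])[0]
    return TelegramExfilIOC(m["bot_id"], m["secret"], m["method"], chat_id)


def redact_token(ioc: TelegramExfilIOC) -> str:
    """Shareable token form: the bot id stays (it identifies the bot), the secret is masked."""
    masked = "*" * (len(ioc.secret) - 8)
    return f"bot{ioc.bot_id}:{ioc.secret[:4]}{masked}{ioc.secret[-4:]}"


def scan_proxy_log(lines: List[str]) -> List[Tuple[int, TelegramExfilIOC]]:
    """Find Bot API requests in free-form proxy log lines; returns (line number, IOC)."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = TELEGRAM_BOT_URL_RE.search(line)
        if m is None:
            continue
        url = line[m.start():].split()[0]  # the URL runs up to the next whitespace
        ioc = parse_telegram_c2(url)
        if ioc is not None:
            hits.append((lineno, ioc))
    return hits


# Constructed proxy log (format, client addresses and benign hosts are invented).
SAMPLE_PROXY_LOG = [
    "2022-10-12T10:02:11Z 10.0.5.23 GET https://www.microsoft.com/en-us/ 200",
    "2022-10-12T10:02:20Z 10.0.5.23 POST https://api.telegram.org/bot5468731092:"
    "AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896&text=test 200",
    "2022-10-12T10:03:00Z 10.0.5.24 GET https://api.telegram.org/ 200",  # no token: not flagged
]

if __name__ == "__main__":
    ioc = parse_telegram_c2(EXTRACTED_C2)
    print("config C2:", redact_token(ioc), "chat_id", ioc.chat_id)
    for lineno, hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {lineno}: bot {hit.bot_id}, chat {hit.chat_id}, method {hit.method}")
```

The bot id and chat id are the durable pivots: the actor can rotate the secret but keeps the bot and the receiving chat, so hunt on `api.telegram.org/bot<id>:` rather than on the full token. Do not request the URL yourself; it is attacker-controlled infrastructure and the token is live credential material.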
Targets
-
-
Target
1bc75cf24c2ab70e4cd6c98ffe69eaeae47e9bd90b9e0f5a2bf97bff553f85cb
-
Size
136KB
-
MD5
66b734e0d570c5cb3719c2ae3799fb9f
-
SHA1
eb57c70683f468b24f1ad22fa11738cbf59b76d9
-
SHA256
1bc75cf24c2ab70e4cd6c98ffe69eaeae47e9bd90b9e0f5a2bf97bff553f85cb
-
SHA512
6f6b00bf580ba92ce2b6c160cdaf1067d8c1c3adf895baf52b4c6ab6647409653f2680d624dc738a67f10b8a4cf9799fb63f91872171e9f2de23010470c46242
-
SSDEEP
1536:t/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViokHdJQwFrXjm3C:JZTkLfhjFSiO3o6/FHIC
Score 10/10
-
StormKitty payload
-
Accesses Microsoft Outlook profiles
Outlook keeps account settings, including saved mail credentials, in per-profile registry keys under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles; information stealers read these keys to harvest mail accounts.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Overwriting another thread's context is a common step in process hollowing and related code-injection techniques (start a process suspended, write the payload into it, point the thread at it with SetThreadContext, then ResumeThread).