General

  • Target

    1bc75cf24c2ab70e4cd6c98ffe69eaeae47e9bd90b9e0f5a2bf97bff553f85cb

  • Size

    136KB

  • Sample

    221012-tdd77aacf6

  • MD5

    66b734e0d570c5cb3719c2ae3799fb9f

  • SHA1

    eb57c70683f468b24f1ad22fa11738cbf59b76d9

  • SHA256

    1bc75cf24c2ab70e4cd6c98ffe69eaeae47e9bd90b9e0f5a2bf97bff553f85cb

  • SHA512

    6f6b00bf580ba92ce2b6c160cdaf1067d8c1c3adf895baf52b4c6ab6647409653f2680d624dc738a67f10b8a4cf9799fb63f91872171e9f2de23010470c46242

  • SSDEEP

    1536:t/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViokHdJQwFrXjm3C:JZTkLfhjFSiO3o6/FHIC

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896

The C2 is not a server the operator runs but the Telegram Bot API: the URL embeds the operator's bot token (the part after /bot) and the chat_id that receives the stolen data. Because the traffic goes to a legitimate host over TLS, network blocking on api.telegram.org alone is coarse; the useful indicators are the bot id, the token and the chat_id, and, where TLS is inspected, the /bot<token>/sendMessage path from a non-messaging process.
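The following Python is an added example, not part of the sandbox report or of any tool it describes. It parses the extracted Telegram C2 URL into its hunting indicators (bot id, token, method, chat_id), produces a defanged form for sharing, and scans proxy log lines for Telegram bot exfiltration, flagging hits whose bot id matches the extracted config. The log lines, IP addresses and second bot token are constructed for the example; the scan assumes TLS-inspected logs in which the full URL is visible.

```python
import re
from urllib.parse import parse_qs

# Telegram Bot API URL shape used for exfiltration:
#   https://api.telegram.org/bot<bot_id>:<secret>/<method>?chat_id=<chat_id>
# The bot id is numeric; the secret is 30-45 chars of [A-Za-z0-9_-].
TELEGRAM_BOT_URL = re.compile(
    r"https?://api\.telegram\.org/bot"
    r"(?P<bot_id>\d{6,12}):(?P<secret>[A-Za-z0-9_-]{30,45})"
    r"/(?P<method>[A-Za-z]+)"
    r"(?:\?(?P<query>[^\s\"']*))?"
)

# C2 value extracted from the sample in the report above.
C2 = ("https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg"
      "/sendMessage?chat_id=1639214896")


def defang(url, mask_secret=True):
    """Return a non-clickable form of a Telegram bot URL; the secret is masked
    so the indicator can be shared without handing out a usable token."""
    m = TELEGRAM_BOT_URL.search(url)
    if m and mask_secret:
        secret = m.group("secret")
        url = url.replace(secret, secret[:4] + "*" * (len(secret) - 4))
    return (url.replace("https://", "hxxps://")
               .replace("http://", "hxxp://")
               .replace("api.telegram.org", "api[.]telegram[.]org"))


def parse_telegram_c2(url):
    """Split a Telegram bot C2 URL into indicators; None if it is not one."""
    m = TELEGRAM_BOT_URL.search(url)
    if not m:
        return None
    qs = parse_qs(m.group("query") or "")
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": qs.get("chat_id", [None])[0],
        "defanged": defang(m.group(0)),
    }


def find_telegram_exfil(lines, known_bot_ids=frozenset()):
    """Scan log lines for Telegram bot API calls. Every bot URL is reported;
    known_c2 marks those whose bot id matches an extracted config."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for m in TELEGRAM_BOT_URL.finditer(line):
            info = parse_telegram_c2(m.group(0))
            info["line"] = lineno
            info["known_c2"] = info["bot_id"] in known_bot_ids
            hits.append(info)
    return hits


# Constructed Squid-style proxy log (TLS inspection assumed so URLs are visible).
# Hosts other than api.telegram.org, the upstream IPs (RFC 5737 ranges) and the
# second bot token are illustrative, not taken from the sample.
SAMPLE_PROXY_LOG = [
    "1665580001.412 10.0.0.17 TCP_TUNNEL/200 CONNECT outlook.office365.com:443 - HIER_DIRECT/203.0.113.10 -",
    "1665580003.905 10.0.0.17 TCP_MISS/200 GET https://api.ipify.org/ - HIER_DIRECT/203.0.113.20 text/plain",
    "1665580004.117 10.0.0.17 TCP_MISS/200 POST " + C2 + " - HIER_DIRECT/198.51.100.5 application/json",
    "1665580009.330 10.0.0.42 TCP_MISS/200 GET https://api.telegram.org/bot1234567890:AAF0123456789abcdefghijklmnopqrstuvw/getUpdates - HIER_DIRECT/198.51.100.5 application/json",
]

if __name__ == "__main__":
    ioc = parse_telegram_c2(C2)
    print("bot_id:", ioc["bot_id"], "chat_id:", ioc["chat_id"], "ioc:", ioc["defanged"])
    for hit in find_telegram_exfil(SAMPLE_PROXY_LOG, known_bot_ids={ioc["bot_id"]}):
        tag = "KNOWN C2" if hit["known_c2"] else "other bot"
        print(f"line {hit['line']}: {tag} bot={hit['bot_id']} method={hit['method']} chat_id={hit['chat_id']}")
```

The scanner reports every bot-API URL rather than only the extracted token, because a re-packed build of the same stealer will ship a fresh token; the bot id and chat_id from this report are still the exact indicators to pivot on when they reappear.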

Targets

    • Target

      1bc75cf24c2ab70e4cd6c98ffe69eaeae47e9bd90b9e0f5a2bf97bff553f85cb

    • Size

      136KB

    • MD5

      66b734e0d570c5cb3719c2ae3799fb9f

    • SHA1

      eb57c70683f468b24f1ad22fa11738cbf59b76d9

    • SHA256

      1bc75cf24c2ab70e4cd6c98ffe69eaeae47e9bd90b9e0f5a2bf97bff553f85cb

    • SHA512

      6f6b00bf580ba92ce2b6c160cdaf1067d8c1c3adf895baf52b4c6ab6647409653f2680d624dc738a67f10b8a4cf9799fb63f91872171e9f2de23010470c46242

    • SSDEEP

      1536:t/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViokHdJQwFrXjm3C:JZTkLfhjFSiO3o6/FHIC

    • StormKitty

      StormKitty is an open source info stealer written in C#. Its code has been reused by many later stealers, so the config extractor's family tag (blustealer) and this signature can both fire on one sample; treat the family label as tentative and pivot on the extracted C2 indicators.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile data (the per-user Outlook profile keys in the registry) where stored mail account settings and credentials live, a standard credential-harvesting step for this stealer family.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. The request itself looks benign; its value as a signal comes from correlating it with the Telegram bot API request that follows it from the same process.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process (typically one the sample created suspended) is the hallmark of RunPE-style process hollowing: the stealer body is mapped into a legitimate-looking host process and the entry point is redirected to it. Check the sandbox's process tree for a child process started suspended and then resumed.

MITRE ATT&CK Enterprise v6

Tasks