General
- Target: 8223906122.zip
- Size: 797KB
- Sample: 221013-y3rxsscehn
- MD5: 569c3fd9448b293cf111b5069203769f
- SHA1: 010a9f2af2e95022d5330aa24006ce05e8e5964b
- SHA256: 46e9dd942a0ac14a2d73e9058997275cd3cbdb024fded3598f9970c98b31becf
- SHA512: de6528be0740df498b6cf35890fe50a11687f88c48ba57ee263b0a0e0ad1e1c4adde30772369f808ec931cabfacc0865622a75c7861d10550d33c0f34b4dce8a
- SSDEEP: 12288:Za/Lv2wm4tBtDvJi282YlccaI+5b1StB4czdxWAzjQ93wtHGE95Ni8GWMwRlaSB5:8C03vMacazStB4e/Qk7TaWmPiZqY+m
Static task: static1
Behavioral task: behavioral1
  Sample: account.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: account.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: blustealer
C2: https://api.telegram.org/bot5402813712:AAG__8vfwqo_1K9XHIpxzTR9T7UW4raysO4/sendMessage?chat_id=5034680713
Targets
- Target: account.exe
- Size: 834KB
- MD5: ed087331c9c97859d6d30bca5245b42d
- SHA1: 6f1f422171174486c9de328041a0606273b763aa
- SHA256: 15af08408332677507425dd21c6e04fa469e1129c21dc9ae2d830cc5c8aa0642
- SHA512: 336290c2b7b578fd9022b8d2b5708f27be6e56a8ac2cdcc2369a705896ad00a6920c76d295f24715c3063de4e71e7829cccd80a1c63558dc662b7544522daf0a
- SSDEEP: 12288:nF75eRgPwqoXY+mzoRtbvRT7PJ7Na+6ZmvatTu7Fm8gAxYS6L9ETD:nZ5wXY+mzo3bv/Ra+CmiRusyYD
Score: 10/10
- StormKitty payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext