General
Target: hesaphareketi-01.exe
Size: 23KB
Sample: 221014-gwfgrabbbp
MD5: f6b1dd2591feab56f364a1ccaa7e2538
SHA1: 4a703eebae8be5be510b2a77f8c0c3c02eb67a32
SHA256: 826e3671ba9e4e5b882513fe4805843f9ed48d26738e2072d33655ffcafca83d
SHA512: 616a976e8108801e3e94128596bab266606fbc4edabccfbdd269121967fe1ecf948619e128775c8ca25e3df95cb67538d14dca2d9e633acd2935c8480cc684b8
SSDEEP: 192:GqjfkKXPCGDAev2PcoFTPnxcFz7Fs2WST6zvlRJTHhnj4OpqZndlJ4biHPNyW1:GqjfkFYAev2PbLYzQTBHCZJ5H1T
Static task: static1
Behavioral task: behavioral1 (Sample: hesaphareketi-01.exe, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: hesaphareketi-01.exe, Resource: win10v2004-20220812-en)
Malware Config (Extracted)
Family: blustealer
URL: https://api.telegram.org/bot5617443580:AAFX8iYrXMCASkw95O815OVGuLWLdSgh8Qo/sendMessage?chat_id=5334267822
Targets
Score: 10/10
- StormKitty payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext