General

Target: hesaphareketi-01.exe
Size: 88KB
Sample: 221014-wgaehsdhh8
MD5: b512acd6e24d0dd3f81451daf4e3cd59
SHA1: 7463697bb4396a5193c6ab690e240558beb921b9
SHA256: a1f05c1b3abcd13e9666882d300ab3e39865b0ace466e8e62737787caacf77b0
SHA512: 8de538963955c57e30ac45debc5d5c00305ea41d2aa6d539d0a62c5b55b0208ae123bb9e85787921fcb00c8b3b0b4d96767f4d7d03c604e553aeb3016a198a17
SSDEEP: 384:YAfkHnAev2PRr3Gy+AzJLVK8SykdvA98pgNkDlmSyqf2odsgwjbYJp2trlq8R:YzHw5z5LVKkSohN0lUqf2TbYJWRqK
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: hesaphareketi-01.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: hesaphareketi-01.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted family: blustealer
C2: https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896

The C2 is the Telegram Bot API sendMessage endpoint: the path segment after "bot" is the bot token (a credential the operator needs, and one that can be reported to Telegram for revocation), and chat_id is the destination chat the stolen data is posted to. Hunting on api.telegram.org alone produces noise where Telegram is in legitimate use; the bot id (the numeric prefix of the token) and the chat_id are the more specific indicators.
Targets

Target: hesaphareketi-01.exe
Size: 88KB
Hashes: identical to the General section above (MD5 b512acd6e24d0dd3f81451daf4e3cd59, SHA256 a1f05c1b3abcd13e9666882d300ab3e39865b0ace466e8e62737787caacf77b0)
Score: 10/10

Signatures:
- StormKitty payload. Note that the config extractor labels the sample blustealer while the payload signature matches StormKitty; treat both family names as candidates when pivoting on threat intel.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application: persistence via a registry Run key, so the sample starts again at logon.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: redirecting a thread's context is the step used to execute a payload written into a suspended process (process hollowing), so this is an injection indicator rather than a persistence one.
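The following Python is an added example and is not part of the sandbox report or of the malware itself. It turns the extracted Telegram C2 URL above into hunting indicators (bot id, token, chat_id, API method) and runs a small per-process correlation over a constructed, sandbox-trace-like event list that mirrors the report's signatures. The event schema, the IP-lookup host list and the registry paths used for the Run-key and country-code checks are assumptions; the report names none of them.

```python
"""Derive indicators from the report's Telegram C2 URL and correlate the report's
behavioural signatures over a constructed trace. Added example, not report code."""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# C2 URL exactly as extracted in the report above.
TELEGRAM_C2 = ("https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg"
               "/sendMessage?chat_id=1639214896")

# Bot API path shape: /bot<numeric id>:<secret>/<method>
BOT_PATH_RE = re.compile(r"^/bot(?P<token>\d+:[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$")

# Assumed detection inputs (the report does not name the service or the exact keys).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ipinfo.io", "ifconfig.me"}


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into indicators; None if it is not a Bot API call.

    The numeric bot id survives token rotation, so it is returned separately."""
    parts = urlsplit(url)
    m = BOT_PATH_RE.match(parts.path or "")
    if parts.hostname != "api.telegram.org" or not m:
        return None
    token = m.group("token")
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {"host": parts.hostname, "bot_id": token.split(":", 1)[0],
            "token": token, "method": m.group("method"), "chat_id": chat_id}


def signatures_for(ev):
    """Map one normalised trace event to the report's signature names."""
    hits = []
    t = ev.get("type")
    if t == "reg_read" and GEO_KEY_RE.search(ev.get("path", "")):
        hits.append("Checks computer location settings")
    if t == "reg_set" and RUN_KEY_RE.search(ev.get("path", "")):
        hits.append("Adds Run key to start application")
    if t in ("dns", "http") and ev.get("host", "").lower() in IP_LOOKUP_HOSTS:
        hits.append("Looks up external IP address via web service")
    if t == "http" and parse_telegram_c2(ev.get("url", "")):
        hits.append("Telegram Bot API exfiltration")
    if t == "api" and ev.get("api") == "SetThreadContext":
        hits.append("Suspicious use of SetThreadContext")
    return hits


def correlate(events, min_hits=2):
    """Flag a pid only when it shows at least min_hits distinct behaviours;
    a lone external-IP lookup is routine in most environments."""
    per_pid = defaultdict(set)
    for ev in events:
        per_pid[ev["pid"]].update(signatures_for(ev))
    return {pid: sorted(s) for pid, s in per_pid.items() if len(s) >= min_hits}


# Constructed trace for demonstration; not taken from the report's sandbox run.
SAMPLE_EVENTS = [
    {"pid": 1337, "type": "reg_read", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 1337, "type": "reg_set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\hesaphareketi-01"},
    {"pid": 1337, "type": "http", "host": "api.ipify.org", "url": "https://api.ipify.org/"},
    {"pid": 1337, "type": "api", "api": "SetThreadContext"},
    {"pid": 1337, "type": "http", "host": "api.telegram.org", "url": TELEGRAM_C2},
    {"pid": 2048, "type": "http", "host": "ipinfo.io", "url": "https://ipinfo.io/json"},
    {"pid": 4096, "type": "reg_set",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example"},
]

if __name__ == "__main__":
    print(parse_telegram_c2(TELEGRAM_C2))
    for pid, sigs in correlate(SAMPLE_EVENTS).items():
        print(pid, sigs)
```

Only pid 1337 is flagged: the benign single IP lookup (pid 2048) and the unrelated Uninstall key write (pid 4096) fall below the two-behaviour threshold, which is the point of correlating per process rather than alerting on any single signature.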