General
-
Target
hesaphareketi-01.exe
-
Size
30KB
-
Sample
221017-v5etgacdg8
-
MD5
e6afab8c4782348cc7fab5c84acf1883
-
SHA1
279ebffe57812186e4d4a7d65160b98674950a60
-
SHA256
abfc03fd72f7e6827cf30bf0b28bd95fbda4095c549e4a07b5f23b7aeb55f4c8
-
SHA512
6adfd0a446dbe13e09e71d71efc43be8cdf0ef579a5e6182d328da48ff88523c9bac8743e60fa0fbfb033dc12e583972d959ff7d4e6b8725dcedb36499b43678
-
SSDEEP
768:cobj0sOzazGQloqQFtY2GmmIewLCsXjwmxWtOB/ucCJ:chylovczSLXjwmxWtG/+J
Static task
static1
Behavioral task
behavioral1
Sample
hesaphareketi-01.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
hesaphareketi-01.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5617443580:AAFX8iYrXMCASkw95O815OVGuLWLdSgh8Qo/sendMessage?chat_id=5334267822
Targets
-
-
Target
hesaphareketi-01.exe
-
Size
30KB
-
MD5
e6afab8c4782348cc7fab5c84acf1883
-
SHA1
279ebffe57812186e4d4a7d65160b98674950a60
-
SHA256
abfc03fd72f7e6827cf30bf0b28bd95fbda4095c549e4a07b5f23b7aeb55f4c8
-
SHA512
6adfd0a446dbe13e09e71d71efc43be8cdf0ef579a5e6182d328da48ff88523c9bac8743e60fa0fbfb033dc12e583972d959ff7d4e6b8725dcedb36499b43678
-
SSDEEP
768:cobj0sOzazGQloqQFtY2GmmIewLCsXjwmxWtOB/ucCJ:chylovczSLXjwmxWtG/+J
Score10/10-
StormKitty payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-