General

Target: Adjunto comprobante de transferencia.bin.zip
Size: 132KB
Sample: 221018-j874msfba3
MD5: c60fbca5f71a80277172a484696e45da
SHA1: 6f4363200595f16a199f525d1d79f957f9bf6de3
SHA256: 6ee0666ac13cde16eed1e8ac0fed35481958e386143a319cd8d2473f2b947990
SHA512: 5d73ebf3f48a9719177ee895072c279b06151694e0b8cc090447f52ab905bbbf11638b91bc07147996bf225d1e13646e762dfbf194a0a6228ef52d03af7a7cb8
SSDEEP: 3072:QTjNrVhmlx2Q6sR+hkixRxto7f2S6zBvnG1Xg:QFhQ6sWDto7f2b41w
Static task: static1

Behavioral task: behavioral1
Sample: Adjunto comprobante de transferencia.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: Adjunto comprobante de transferencia.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted family: blustealer
C2 / exfiltration URL: https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377

This is a Telegram Bot API sendMessage endpoint: the bot token (the part after /bot) and the receiving chat_id are hard-coded in the URL, so the stealer needs no server of its own. The bot ID (5627356603) and chat_id (5472437377) are the durable indicators here; the host api.telegram.org is shared with legitimate traffic.
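As an added example (not part of this report and not the sandbox's own tooling), the Python below parses a Telegram Bot API URL of the shape extracted above into its bot_id, token, method and chat_id, then runs the same check over a few proxy log lines to flag Bot API calls that send data out. The log lines, the URL regex and the set of data-sending methods are assumptions for illustration; the token length check is loose on purpose.

```python
"""Parse Telegram Bot API exfiltration URLs and flag them in proxy logs.

Added example for this sandbox report; not code from the sandbox or the
malware. The log lines below are constructed for illustration.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Bot API path layout: /bot<bot_id>:<token>/<method>
# Tokens are typically 35 chars of [A-Za-z0-9_-]; we accept 30+ so that
# slightly odd or truncated tokens in logs still match.
BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)"
)

# Methods that push data from the client to a chat (assumed list; add others
# such as sendVideo/sendAudio if your environment needs them).
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}

# Any URL on the Bot API host, up to the next whitespace in the log line.
URL_RE = re.compile(r"https?://api\.telegram\.org/\S*")


def parse_telegram_bot_url(url):
    """Return a dict with bot_id, token, method, chat_id and an 'outbound'
    flag, or None if the URL is not a Bot API method call."""
    u = urlsplit(url)
    if u.hostname != "api.telegram.org":
        return None
    m = BOT_PATH.match(u.path)
    if not m:                      # e.g. /file/bot<id>:<token>/... downloads
        return None
    q = parse_qs(u.query)
    return {
        "bot_id": m["bot_id"],
        "token": m["token"],
        "method": m["method"],
        "chat_id": q.get("chat_id", [None])[0],
        "outbound": m["method"] in EXFIL_METHODS,
    }


def scan_proxy_log(lines):
    """Return [(line_no, parsed)] for every log line that carries a Bot API
    method call. line_no is 1-based."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            parsed = parse_telegram_bot_url(url)
            if parsed:
                hits.append((n, parsed))
    return hits


# Constructed proxy log excerpt (not from the sandbox run); lines 2 and 4
# reuse the bot token and chat_id from the extracted config above.
SAMPLE_LOG = [
    "2022-10-18 09:11:58 10.0.0.5 GET https://www.microsoft.com/ 200",
    "2022-10-18 09:12:03 10.0.0.5 POST https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377 200",
    "2022-10-18 09:12:05 10.0.0.5 GET https://api.telegram.org/ 200",
    "2022-10-18 09:12:09 10.0.0.5 POST https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendDocument?chat_id=5472437377 200",
]

if __name__ == "__main__":
    for line_no, p in scan_proxy_log(SAMPLE_LOG):
        print(f"line {line_no}: bot_id={p['bot_id']} chat_id={p['chat_id']} "
              f"method={p['method']} outbound={p['outbound']}")
```

Blocking api.telegram.org outright is rarely an option, so the useful outputs are the bot_id and chat_id, which can be matched in proxy or DNS-plus-TLS-SNI telemetry that exposes the URL path, and the token itself, which can be reported to Telegram for revocation.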
Targets

Target: Adjunto comprobante de transferencia.bin
Size: 144KB
MD5: 66cb0bdbdad8b6f432fec880e8f30139
SHA1: e0c501a8d1a6c85a5e534b83a52bc2feda43d6b5
SHA256: 3dd0236bc47173fb5b7f6cddd06d5ca36bb00431f3eb0f4e641ac58e9244222e
SHA512: 87d69debe9c7cea39fadfb021ab1688cf67d6340b6d0f658d1a42746a18b5e33f583f13312ced950d7da7bd7070db892db1b06756da17622fe2ab7d07601fd36
SSDEEP: 3072:VcHL0ZrxLvY9i7NeKw4MNaCJYctsJVJRxODdIjGiC7okl4SA:KQfeBNNNKJV/xs9in
Score: 10/10

Signatures:
- StormKitty payload
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, so this request alone is not a useful block indicator
- Suspicious use of SetThreadContext: commonly seen when a process is hollowed or a thread is hijacked to run injected code