General

  • Target

    4b28d8e218f5dfe20541b32fca297074.exe

  • Size

    881KB

  • Sample

    221019-p872jaggc3

  • MD5

    4b28d8e218f5dfe20541b32fca297074

  • SHA1

    a5b715011f2bd3229e3acf3d88131a61043eba1a

  • SHA256

    ecd2c1eb9e0c374746d9148a15db8deb551d46d3c45bd075e7928b1f3210f4bc

  • SHA512

    04fac1bf2cb45ea967ddf9e5cf34fc1582b094fd0d0423ba6f56e889fb9e58b6b85f848201855446f540de19b8665fef1bc5d5f07face17955682cbcad4707ac

  • SSDEEP

    12288:rMXcyHcfKPLcYdXQawrPI2F2QVokACzkRj8U8oxfEunphMnX:QNcfMLciXQlrR2QukACgRHM

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5576673774:AAF__hFRh9bcJV72HkFb-9eZR9JNNyuOmFM/sendMessage?chat_id=1194722650

Targets

    • Target

      4b28d8e218f5dfe20541b32fca297074.exe

    • Size

      881KB

    • MD5

      4b28d8e218f5dfe20541b32fca297074

    • SHA1

      a5b715011f2bd3229e3acf3d88131a61043eba1a

    • SHA256

      ecd2c1eb9e0c374746d9148a15db8deb551d46d3c45bd075e7928b1f3210f4bc

    • SHA512

      04fac1bf2cb45ea967ddf9e5cf34fc1582b094fd0d0423ba6f56e889fb9e58b6b85f848201855446f540de19b8665fef1bc5d5f07face17955682cbcad4707ac

    • SSDEEP

      12288:rMXcyHcfKPLcYdXQawrPI2F2QVokACzkRj8U8oxfEunphMnX:QNcfMLciXQlrR2QukACgRHM

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open-source information stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
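The extracted C2 above is a Telegram Bot API call: the path carries the bot token (`<bot id>:<secret>`) and the query string carries the `chat_id` of the account that receives the stolen data. The following is an added example (not part of the sandbox report and not code from the sample or the BluStealer/StormKitty projects) that parses such a URL into its actionable parts and then sweeps a proxy log for any host talking to the same bot. The proxy log lines are constructed for the example; the assumption that a bot secret is made of letters, digits, underscore and hyphen is based on commonly observed tokens and is not stated in the report.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Telegram Bot API exfiltration URL, exactly as extracted in the report above.
# Shape: https://api.telegram.org/bot<bot_id>:<secret>/<method>?chat_id=<id>
TELEGRAM_C2 = (
    "https://api.telegram.org/bot5576673774:AAF__hFRh9bcJV72HkFb-9eZR9JNNyuOmFM"
    "/sendMessage?chat_id=1194722650"
)

# Assumption (not from the report): the secret part of a bot token is letters,
# digits, underscore and hyphen. The numeric bot id and the ':' are fixed by
# the Bot API URL layout.
TOKEN_RE = re.compile(
    r"/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)"
)

# Generic URL matcher for pulling URLs out of free-form log lines.
URL_RE = re.compile(r"https?://\S+")


def parse_telegram_c2(url):
    """Split a Telegram Bot API C2 URL into bot id, full token, method and chat_id.

    Returns None for anything that is not an https Bot API method call on
    api.telegram.org, so unrelated URLs (or file downloads under /file/bot...)
    are not reported as C2.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.netloc.lower() != "api.telegram.org":
        return None
    m = TOKEN_RE.search(parts.path)
    if not m:
        return None
    query = parse_qs(parts.query)
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": query.get("chat_id", [None])[0],
    }


# Constructed proxy log (not from the report): "<time> <src ip> <verb> <url> <status>".
SAMPLE_PROXY_LOG = """\
2022-10-19T12:01:03Z 10.0.0.5 GET https://www.example.org/ 200
2022-10-19T12:01:09Z 10.0.0.5 POST https://api.telegram.org/bot5576673774:AAF__hFRh9bcJV72HkFb-9eZR9JNNyuOmFM/sendMessage?chat_id=1194722650 200
2022-10-19T12:02:41Z 10.0.0.7 GET https://api.telegram.org/bot5576673774:AAF__hFRh9bcJV72HkFb-9eZR9JNNyuOmFM/sendDocument?chat_id=1194722650 200
2022-10-19T12:03:00Z 10.0.0.9 GET https://api.telegram.org/file/botXYZ/docs 404
"""


def find_telegram_exfil(log_text):
    """Return {(src_ip, bot_token, chat_id): [methods...]} for every Bot API
    call in the log. Grouping by token rather than by full URL lets one hit
    from the sandbox pivot to every internal host using the same attacker bot,
    whatever method (sendMessage, sendDocument, ...) each request used.
    """
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        src_ip = fields[1]
        for url in URL_RE.findall(line):
            parsed = parse_telegram_c2(url)
            if parsed is None:
                continue
            key = (src_ip, parsed["token"], parsed["chat_id"])
            hits.setdefault(key, []).append(parsed["method"])
    return hits


if __name__ == "__main__":
    c2 = parse_telegram_c2(TELEGRAM_C2)
    print("bot id:", c2["bot_id"], "chat_id:", c2["chat_id"], "method:", c2["method"])
    for (src_ip, token, chat_id), methods in find_telegram_exfil(SAMPLE_PROXY_LOG).items():
        print(f"{src_ip} -> bot {token.split(':')[0]} chat {chat_id}: {', '.join(methods)}")
```

The bot id and chat id are the stable pivots: the attacker can rotate the secret with BotFather, but the bot id and the receiving chat stay the same, so store both alongside the full token when you file a takedown with Telegram or write a network signature. Matching on the full token in the proxy log is what ties the sandbox detonation to any real infection in the environment.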

MITRE ATT&CK Enterprise v6

Tasks