General
-
Target
4b28d8e218f5dfe20541b32fca297074.exe
-
Size
881KB
-
Sample
221019-p872jaggc3
-
MD5
4b28d8e218f5dfe20541b32fca297074
-
SHA1
a5b715011f2bd3229e3acf3d88131a61043eba1a
-
SHA256
ecd2c1eb9e0c374746d9148a15db8deb551d46d3c45bd075e7928b1f3210f4bc
-
SHA512
04fac1bf2cb45ea967ddf9e5cf34fc1582b094fd0d0423ba6f56e889fb9e58b6b85f848201855446f540de19b8665fef1bc5d5f07face17955682cbcad4707ac
-
SSDEEP
12288:rMXcyHcfKPLcYdXQawrPI2F2QVokACzkRj8U8oxfEunphMnX:QNcfMLciXQlrR2QukACgRHM
Static task
static1
Behavioral task
behavioral1
Sample
4b28d8e218f5dfe20541b32fca297074.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
4b28d8e218f5dfe20541b32fca297074.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5576673774:AAF__hFRh9bcJV72HkFb-9eZR9JNNyuOmFM/sendMessage?chat_id=1194722650
Targets
-
-
Target
4b28d8e218f5dfe20541b32fca297074.exe
-
Size
881KB
-
MD5
4b28d8e218f5dfe20541b32fca297074
-
SHA1
a5b715011f2bd3229e3acf3d88131a61043eba1a
-
SHA256
ecd2c1eb9e0c374746d9148a15db8deb551d46d3c45bd075e7928b1f3210f4bc
-
SHA512
04fac1bf2cb45ea967ddf9e5cf34fc1582b094fd0d0423ba6f56e889fb9e58b6b85f848201855446f540de19b8665fef1bc5d5f07face17955682cbcad4707ac
-
SSDEEP
12288:rMXcyHcfKPLcYdXQawrPI2F2QVokACzkRj8U8oxfEunphMnX:QNcfMLciXQlrR2QukACgRHM
Score10/10-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-