General
-
Target
28be1b525319b02993d31a3d45330e8924f40b4ebeb8696a89bcd3333bea26d5.exe
-
Size
856KB
-
Sample
221020-y87kfadcdj
-
MD5
e3c3961c460143a9ecf527e1821b89cc
-
SHA1
db1b4f8b3383eee78296cc69d3d101a2a23012ca
-
SHA256
28be1b525319b02993d31a3d45330e8924f40b4ebeb8696a89bcd3333bea26d5
-
SHA512
a439568155ebf0e85eee3104fe98e9001141f8a8e5178b7e011c5c24554b8eb8f2a734c60b68bea05bf9170fa3001a081a93233de2d2f5414e1b1f4e607c59c9
-
SSDEEP
12288:yPLQR/4veFNM4rKd3zIEEqBSP3JJxP7xINKJhJf3wZh:g+4vevrXH7P3vxP7xINOP
Static task
static1
Behavioral task
behavioral1
Sample
28be1b525319b02993d31a3d45330e8924f40b4ebeb8696a89bcd3333bea26d5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
28be1b525319b02993d31a3d45330e8924f40b4ebeb8696a89bcd3333bea26d5.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5374342837:AAHF-c1HAIvNCdF89VuEdNggsL2YBlpgkSE/sendMessage?chat_id=2133303215
Targets
-
-
Target
28be1b525319b02993d31a3d45330e8924f40b4ebeb8696a89bcd3333bea26d5.exe
-
Size
856KB
-
MD5
e3c3961c460143a9ecf527e1821b89cc
-
SHA1
db1b4f8b3383eee78296cc69d3d101a2a23012ca
-
SHA256
28be1b525319b02993d31a3d45330e8924f40b4ebeb8696a89bcd3333bea26d5
-
SHA512
a439568155ebf0e85eee3104fe98e9001141f8a8e5178b7e011c5c24554b8eb8f2a734c60b68bea05bf9170fa3001a081a93233de2d2f5414e1b1f4e607c59c9
-
SSDEEP
12288:yPLQR/4veFNM4rKd3zIEEqBSP3JJxP7xINKJhJf3wZh:g+4vevrXH7P3vxP7xINOP
Score10/10-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-