General
Target: e2419d65e2d88ed19b494daaccc05712.exe
Size: 105KB
Sample: 221021-km5xtsbhbp
MD5: e2419d65e2d88ed19b494daaccc05712
SHA1: 3e3db7a4f0beafa3c41827020b76b20d27cb6767
SHA256: 8d07cd7ceb888ec77c8f28fc6f3e61791605c4c2cdaad7ff31450cb9c94358fd
SHA512: eade4b4d24b17a95cb0f6163ee2c3df5442f3581ca11a68ee831e436c3f2f95e2fadf833d128b03ac40f6bb6d637ed53792c04ee43eedf397301a0ce9d010109
SSDEEP: 3072:9Cc53RIZ2BtFUQd7JrnQjm7szl7sC7wwn:lIZ25UUQj9zl7I
Static task: static1
Behavioral task: behavioral1 (sample e2419d65e2d88ed19b494daaccc05712.exe, resource win7-20220901-en)
Behavioral task: behavioral2 (sample e2419d65e2d88ed19b494daaccc05712.exe, resource win10v2004-20220812-en)
Malware Config
Extracted: blustealer
Telegram Bot API URL: https://api.telegram.org/bot5576673774:AAF__hFRh9bcJV72HkFb-9eZR9JNNyuOmFM/sendMessage?chat_id=1194722650

The extracted configuration is a Telegram Bot API endpoint: the path segment after "bot" is the bot token (numeric bot id, a colon, then the secret) and chat_id is the destination chat, so stolen data leaves the host as ordinary HTTPS to api.telegram.org. Blocking that host is rarely practical, so the bot token and chat_id are the indicators worth sharing. Note that the config extractor labels the family blustealer while the behavioural signature below reports a StormKitty payload; the report does not reconcile the two, so treat the family label as provisional.
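The following is an added example, not part of the sandbox report: a small Python extractor that pulls Telegram Bot API URLs out of a strings dump and splits them into the indicators a defender actually needs (bot id, token, chat_id). The sample input is constructed here from the URL above plus a hypothetical second call with the same token and two decoy strings; the token character class and minimum length in the regex are assumptions, not a Telegram specification.

```python
import re
from urllib.parse import parse_qs

# Constructed input (not from the sandbox run): the extracted config URL from
# this report, a hypothetical second call using the same token, and two decoy
# strings of the kind a strings(1) dump of the unpacked sample would contain.
SAMPLE_STRINGS = """\
kernel32.dll
https://api.telegram.org/bot5576673774:AAF__hFRh9bcJV72HkFb-9eZR9JNNyuOmFM/sendMessage?chat_id=1194722650
https://api.telegram.org/bot5576673774:AAF__hFRh9bcJV72HkFb-9eZR9JNNyuOmFM/sendDocument
http://api.ipify.org/
"""

# Telegram Bot API URLs have the form https://api.telegram.org/bot<token>/<method>
# where <token> is "<numeric bot id>:<secret>". The secret's character class and
# minimum length are assumptions: loose enough for real tokens, tight enough to
# skip ordinary URLs.
TELEGRAM_BOT_URL = re.compile(
    r"https?://api\.telegram\.org/bot"
    r"(?P<token>\d+:[A-Za-z0-9_-]{30,})"
    r"/(?P<method>[A-Za-z]+)"
    r"(?:\?(?P<query>[^\s\"'<>]*))?"
)


def extract_telegram_c2(text):
    """Return one record per Telegram Bot API URL found in text."""
    records = []
    for m in TELEGRAM_BOT_URL.finditer(text):
        token = m.group("token")
        bot_id = token.split(":", 1)[0]
        params = parse_qs(m.group("query") or "")
        records.append({
            "url": m.group(0),
            "bot_id": bot_id,
            "token": token,
            "method": m.group("method"),
            "chat_id": params.get("chat_id", [None])[0],
        })
    return records


def iocs(records):
    """Collapse records into the indicators worth sharing: unique bot ids,
    tokens and chat ids. api.telegram.org itself is deliberately not an IoC."""
    return {
        "bot_ids": sorted({r["bot_id"] for r in records}),
        "tokens": sorted({r["token"] for r in records}),
        "chat_ids": sorted({r["chat_id"] for r in records if r["chat_id"]}),
    }


if __name__ == "__main__":
    found = extract_telegram_c2(SAMPLE_STRINGS)
    for r in found:
        print(r["method"], r["bot_id"], r["chat_id"])
    print(iocs(found))
```

Run it over the output of strings on a memory dump or the unpacked binary; matching on the numeric bot id alone is enough to link further samples to the same operator even when the method or chat_id changes.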
Targets
Target: e2419d65e2d88ed19b494daaccc05712.exe (105KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 10/10
Signatures
- StormKitty payload
- Accesses Microsoft Outlook profiles (stored mail account settings in the registry, a common credential-theft target for stealers)
- Adds Run key to start application (persistence via a value under ...\Software\Microsoft\Windows\CurrentVersion\Run)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (the API used to redirect a suspended thread's instruction pointer, a step typical of process hollowing / RunPE injection; the report does not name the target process)
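As an added example (not part of the report, and not telemetry from this run), the Run-key and external-IP-lookup signatures above translated into host detection logic over constructed Sysmon-style events: Event 13 (registry value set) and Event 22 (DNS query). The process image paths, SID and the list of IP lookup hosts are assumptions chosen for illustration; extend the host list from your own DNS logs.

```python
import re

# Constructed Sysmon-style events (not telemetry from this sandbox run).
# Event 13 = registry value set, Event 22 = DNS query. Paths and SIDs are
# illustrative assumptions.
EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\alice\AppData\Roaming\WindowsUpdate.exe",
     "TargetObject": r"HKU\S-1-5-21-1-1-1-1001\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "Details": r"C:\Users\alice\AppData\Roaming\WindowsUpdate.exe"},
    {"EventID": 22,
     "Image": r"C:\Users\alice\AppData\Roaming\WindowsUpdate.exe",
     "QueryName": "api.ipify.org"},
    {"EventID": 22,
     "Image": r"C:\Windows\System32\svchost.exe",
     "QueryName": "ctldl.windowsupdate.com"},
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\Setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
]

# Run / RunOnce keys under HKCU (seen as HKU\<SID>) or HKLM.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Locations an unprivileged user can write to; a Run value pointing here is
# far more suspicious than one pointing into Program Files.
USER_WRITABLE = re.compile(r"^C:\\Users\\[^\\]+\\(AppData|Downloads)\\|^C:\\Windows\\Temp\\", re.I)
# Assumed list of common external-IP lookup hosts; extend from your own DNS logs.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "checkip.dyndns.org", "ip-api.com", "ifconfig.me", "ipwho.is"}


def tag_event(ev):
    """Return the set of behaviour tags a single event triggers."""
    tags = set()
    if ev["EventID"] == 13 and RUN_KEY.search(ev.get("TargetObject", "")):
        tags.add("run_key")
        if USER_WRITABLE.search(ev.get("Details", "")):
            tags.add("run_key_user_writable_target")
    if ev["EventID"] == 22 and ev.get("QueryName", "").lower() in IP_LOOKUP_HOSTS:
        tags.add("external_ip_lookup")
    return tags


def triage(events):
    """Map each process image to the union of tags its events produced."""
    by_image = {}
    for ev in events:
        t = tag_event(ev)
        if t:
            by_image.setdefault(ev["Image"], set()).update(t)
    return by_image


def suspicious_images(events):
    """Images that both persisted via a Run key and looked up their external IP.
    Either behaviour alone is common in legitimate software; the pair is rare."""
    return sorted(img for img, tags in triage(events).items()
                  if "run_key" in tags and "external_ip_lookup" in tags)


if __name__ == "__main__":
    for img, tags in triage(EVENTS).items():
        print(img, sorted(tags))
    print("suspicious:", suspicious_images(EVENTS))
```

The correlation is per process image rather than per event because each signature on its own (a vendor installer writing a Run value, a VPN client querying ipinfo.io) fires constantly in a clean environment; requiring both from the same image, and weighting a Run value that points into AppData or Temp, is what turns these sandbox signatures into a usable alert.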