General

Target: cacdd063765d8392c5170288190233117fd8c99fee8290613c0834f4e1f4fa83.exe
Size: 1.0MB
Sample: 221021-we54eahddn
MD5: 4d978699b2bfe1caa498959e6f8d24c6
SHA1: 5b3741f09c2a9a43deaa46ed96df18d01c7813c6
SHA256: cacdd063765d8392c5170288190233117fd8c99fee8290613c0834f4e1f4fa83
SHA512: 4a9fd3e03d0c1dae3edd3caaf11cd0d38bc2a15609ace7998bdd151d0ef80a70d7928418db4dfbd63af7e743fccb64df45bad6ec4f9017209d92e805d0f9e040
SSDEEP: 24576:Nqymo1qR8bFCvTsBmx8NMMnGNHR3kQKSBm:Nq6QBwBmx8mCkJkmg
Static task: static1

Behavioral task: behavioral1
  Sample: cacdd063765d8392c5170288190233117fd8c99fee8290613c0834f4e1f4fa83.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: cacdd063765d8392c5170288190233117fd8c99fee8290613c0834f4e1f4fa83.exe
  Resource: win10v2004-20220901-en
Malware Config

Extracted family: blustealer
C2 (Telegram Bot API endpoint): https://api.telegram.org/bot5412597166:AAGUaWxuTxxhNb-NRhiURcTMzuW9nhGoEs/sendMessage?chat_id=932962718

The sample exfiltrates over the Telegram Bot API rather than to attacker-owned infrastructure, so blocking by destination host alone is not practical where Telegram is permitted. The bot token (5412597166:AAGUaWxuTxxhNb-NRhiURcTMzuW9nhGoEs) and the chat_id (932962718) together identify the attacker's drop channel; both are usable as indicators, and the token is also a credential for the attacker's bot, so handle it as a secret when sharing the report outside a trusted group. Note that the static config extractor labels the family blustealer while the behavioral signature below matches a StormKitty payload; both are credential stealers, and the extracted Telegram endpoint is the exfiltration channel regardless of which label is used.
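A practical way to turn the extracted config into detection is to parse the Telegram Bot API URL into its components (bot id, token, API method, chat_id) and then scan web-proxy logs for any Bot API call, flagging calls that use the token from this report as confirmed C2 and any other bot traffic from endpoints where no Telegram bot is expected as suspicious. The following Python is an added example written for this page, not code from the sandbox or from the malware; the proxy log lines are constructed (they assume a TLS-inspecting proxy that records full URLs, and the second bot token in them is made up for the example), and the defanged output format is this example's own convention.

```python
import re
from urllib.parse import parse_qs, urlsplit

# C2 URL as extracted by the sandbox's config extractor (from the report above).
EXTRACTED_C2 = (
    "https://api.telegram.org/bot5412597166:AAGUaWxuTxxhNb-NRhiURcTMzuW9nhGoEs"
    "/sendMessage?chat_id=932962718"
)

# Bot API paths look like /bot<bot_id>:<secret>/<method>. The secret part is
# matched loosely ({20,}) because token lengths are not guaranteed.
BOT_PATH = re.compile(r"^/bot(?P<token>\d+:[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)$")


def parse_telegram_c2(url):
    """Return the IOC components of a Telegram Bot API URL, or None if the URL
    is not a Bot API call (wrong host, or path without a bot token)."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH.match(parts.path)
    if m is None:
        return None
    query = parse_qs(parts.query)
    token = m["token"]
    return {
        "bot_id": token.split(":", 1)[0],
        "bot_token": token,
        "method": m["method"],
        "chat_id": query.get("chat_id", [None])[0],
    }


def defang(ioc):
    """Shareable form: keeps bot id, method and chat_id, drops the secret half
    of the token so the report does not hand out a working credential."""
    return (
        f"hxxps://api[.]telegram[.]org/bot{ioc['bot_id']}:<redacted>/"
        f"{ioc['method']}?chat_id={ioc['chat_id']}"
    )


# Constructed proxy log lines: "<timestamp> <src_ip> <method> <url> <status>".
CONSTRUCTED_PROXY_LOG = """\
2022-10-21T14:03:11Z 10.0.0.17 GET https://www.microsoft.com/en-us/ 200
2022-10-21T14:03:12Z 10.0.0.17 POST https://api.telegram.org/bot5412597166:AAGUaWxuTxxhNb-NRhiURcTMzuW9nhGoEs/sendMessage?chat_id=932962718 200
2022-10-21T14:05:40Z 10.0.0.23 POST https://api.telegram.org/bot1234567890:AAEconstructedTokenForExampleOnly00/sendDocument?chat_id=555 200
2022-10-21T14:06:02Z 10.0.0.17 GET https://api.telegram.org/getMe 200
"""


def scan_proxy_log(lines, known_tokens):
    """Flag every Telegram Bot API call in the log. A call using a token from
    known_tokens is a confirmed C2 hit; any other bot call is reported as
    bot_api_traffic for triage (most endpoints have no reason to drive a bot)."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, not a parse error worth stopping on
        ts, src, _http_method, url = fields[:4]
        ioc = parse_telegram_c2(url)
        if ioc is None:
            continue
        verdict = "known_c2" if ioc["bot_token"] in known_tokens else "bot_api_traffic"
        hits.append({"ts": ts, "src": src, "verdict": verdict,
                     "bot_id": ioc["bot_id"], "chat_id": ioc["chat_id"],
                     "indicator": defang(ioc)})
    return hits


if __name__ == "__main__":
    known = {parse_telegram_c2(EXTRACTED_C2)["bot_token"]}
    for hit in scan_proxy_log(CONSTRUCTED_PROXY_LOG.splitlines(), known):
        print(hit)
```

The `getMe` line is deliberately not flagged: it has no bot token in the path, so it does not match the `/bot<token>/` pattern and produces nothing to act on. Matching on the bot id alone (the numeric part before the colon) would catch the same operator reusing a bot with a rotated secret, which is a cheap extension if this channel is seen again.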
Targets

Target: cacdd063765d8392c5170288190233117fd8c99fee8290613c0834f4e1f4fa83.exe
Size: 1.0MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values in the General section above.
Score: 10/10

Signatures
- StormKitty payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (stealers commonly use this to avoid running in selected countries, so the sample may behave differently under another locale).
- Accesses Microsoft Outlook profiles: Outlook profile data is a standard credential-stealer target; expect saved mail account credentials to be in the exfiltrated set.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, so the lookup request itself is benign-looking and is best correlated with the Telegram exfiltration that follows it rather than alerted on alone.
- Suspicious use of SetThreadContext: this API is typically used to redirect a thread's entry point after process hollowing or other code injection, which is consistent with the payload running in a process other than the dropped executable.