blustealer | 54f58b71edf0a942fa517b866e0e313e41e36a4c2499e5d0796b1d1c2878c393 | Triage

Submit
Reports

Overview

overview

Static

static

SFP-22-FC-0686.exe

windows7-x64

SFP-22-FC-0686.exe

windows10-2004-x64

Sharing

General

Target

SFP-22-FC-0686.z
Size

513KB
Sample

221024-zkcwlaaed8
MD5

4a3bf0c7a00199c0963edf09bfb56878
SHA1

0dd1f6fd158a997d3c66c4c4c4a39f4ff892316c
SHA256

54f58b71edf0a942fa517b866e0e313e41e36a4c2499e5d0796b1d1c2878c393
SHA512

a147464eba6ea3404aeaf46c2873fb0e3459aab7e56e52bf57526f4808c4fe131d0d26a537ca257548e37c8b8777c692d88722751586a209dc88b4eca6cc65c2
SSDEEP

12288:q0UHcBwkpnEcxrV+PbFVtv+IYPBEkVw322P7EsU0o6/WpJMygL9ZBZrE:zTnE4UPbFXHYxOHV/WpwU

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

SFP-22-FC-0686.exe

Resource

win7-20220812-en

blustealer stormkitty collection stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

SFP-22-FC-0686.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5576673774:AAF__hFRh9bcJV72HkFb-9eZR9JNNyuOmFM/sendMessage?chat_id=1194722650

Targets

- Target
  
  SFP-22-FC-0686.exe
- Size
  
  797KB
- MD5
  
  57230076ca876a672ae1bbbfc02bb91f
- SHA1
  
  f314804f242e74fa4cce3b7b037377e6ba545883
- SHA256
  
  e159a74241500581bc177ee274c8f7a19722865f35ae19084b7fe0c9db7e67b0
- SHA512
  
  1473de14683fc9ccfa90b91ec189dbbcae5514bdbfa5e40b3f307ece292516133cf7ec6d696b226c74e289ef4714b702b9b8ff35d5c8c4a8b9cfba70e7e285f7
- SSDEEP
  
  12288:0wBfEugcx3FYPbF9fjUIYPp8kJwN22ntUsw0o6LKDTJ4djC5u:E4GPbFF5YRWxhLKDZ
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionstealer

behavioral2

blustealerstormkittycollectionstealer

© 2018-2025

Terms | Privacy