General

  • Target

    SecuriteInfo.com.Variant.Strictor.275982.17204.7010

  • Size

    666KB

  • Sample

    221026-ja9jtafad8

  • MD5

    21f93cfd5719b49dc5567768d441e190

  • SHA1

    46af249ebd3f721b92fa350cf946f16752f208ec

  • SHA256

    8c631258f16b062dbbc3c6de1c5d27b727e5c7375fdff993a252fdc98814376a

  • SHA512

    106151c33f7162c44109d04b5fc6c70f62c4975e3e0e2834d0d272ecb7a9fc9ba7a071a682014e964554c1c2715ba8a77d828852d765ab7195ecf1a47cbad541

  • SSDEEP

    12288:8aJcmptCO6D7zkoT+lqp/7Iu/O2ybZx9Y9rl7jjGHb:8aGOCZlT+lQTD/O3BArRCHb

Malware Config

Targets

    • Target

      SecuriteInfo.com.Variant.Strictor.275982.17204.7010

    • Size

      666KB

    • MD5

      21f93cfd5719b49dc5567768d441e190

    • SHA1

      46af249ebd3f721b92fa350cf946f16752f208ec

    • SHA256

      8c631258f16b062dbbc3c6de1c5d27b727e5c7375fdff993a252fdc98814376a

    • SHA512

      106151c33f7162c44109d04b5fc6c70f62c4975e3e0e2834d0d272ecb7a9fc9ba7a071a682014e964554c1c2715ba8a77d828852d765ab7195ecf1a47cbad541

    • SSDEEP

      12288:8aJcmptCO6D7zkoT+lqp/7Iu/O2ybZx9Y9rl7jjGHb:8aGOCZlT+lQTD/O3BArRCHb

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks