General

  • Target

    7e8cb2531d08a6c664969bcbecbdb946fd7e3088ee8a3b4dab805536bf026571

  • Size

    534KB

  • Sample

    221026-tn7mgsgcek

  • MD5

    059ad08d9e8eef31013b815016bf2c50

  • SHA1

    ec7aca3235e337104cae18b08519445907e33400

  • SHA256

    7e8cb2531d08a6c664969bcbecbdb946fd7e3088ee8a3b4dab805536bf026571

  • SHA512

    5f496575852ca180ca92df1aeaa221613259d1666936c37602f5ca605a24b8dc3394cb0323683bfef257f9b71e9235984482482df237afe4cf59ed232a30ff68

  • SSDEEP

    12288:lnC3ziKYs6O6D7zkoT+lqp/7Iu/O2ybZx9Y9rl7jjGH1:ln5KYs6ZlT+lQTD/O3BArRCH1

Malware Config

Targets

    • Target

      7e8cb2531d08a6c664969bcbecbdb946fd7e3088ee8a3b4dab805536bf026571

    • Size

      534KB

    • MD5

      059ad08d9e8eef31013b815016bf2c50

    • SHA1

      ec7aca3235e337104cae18b08519445907e33400

    • SHA256

      7e8cb2531d08a6c664969bcbecbdb946fd7e3088ee8a3b4dab805536bf026571

    • SHA512

      5f496575852ca180ca92df1aeaa221613259d1666936c37602f5ca605a24b8dc3394cb0323683bfef257f9b71e9235984482482df237afe4cf59ed232a30ff68

    • SSDEEP

      12288:lnC3ziKYs6O6D7zkoT+lqp/7Iu/O2ybZx9Y9rl7jjGH1:ln5KYs6ZlT+lQTD/O3BArRCH1

    • BluStealer

      A Modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks