General

  • Target

    da67541015af6ddee5bad1432ecc3efbf85cde69c494fd1635edbae606c4a628.exe

  • Size

    978KB

  • Sample

    221028-nrnqwsfde8

  • MD5

    5114af44629e0c885fb514c3b0f6fb95

  • SHA1

    433549954ee3330268c26fc7cb4f3665525feb82

  • SHA256

    da67541015af6ddee5bad1432ecc3efbf85cde69c494fd1635edbae606c4a628

  • SHA512

    bcddef915d811dbcd3719d7c7a30add5635386b4b48cd38e05e1c180488d23e9deecd1e67a4db35df7b2fa67a09a5c06747175bba1c5830043222fc7dd53539e

  • SSDEEP

    12288:L/2YODrqNsTEOajT7VDAyaFIn7/N4IkIhN+NpjqagJyi7wX1JNp1ynn2jG:LarPQOWHVn7/NpopjrgtMX1JV4X

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5374342837:AAHF-c1HAIvNCdF89VuEdNggsL2YBlpgkSE/sendMessage?chat_id=2133303215
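The C2 above is not a server the operator controls but the Telegram Bot API: the path segment carries the operator's bot token and the query string names the chat that receives the stolen data. The block below is an added example, not code from the sandbox report or from the BluStealer/StormKitty projects. It parses a Bot API URL into bot id, token, method and chat_id, and scans a constructed proxy log for Bot API traffic, flagging send* methods as exfiltration. The log layout ("timestamp client_ip process verb url") and the process names are assumptions made for the example; the second log line reuses the C2 URL extracted from this sample.

```python
"""Parse a Telegram Bot API C2 URL and hunt for Bot API exfiltration in proxy logs.

Added example; the log format and process names are constructed for
illustration and do not come from the sandbox report.
"""
import re
from urllib.parse import urlsplit, parse_qs

# A Bot API token is "<numeric bot id>:<secret>". The secret is 35 characters of
# [A-Za-z0-9_-] in tokens seen in practice; the range here is deliberately lenient.
_BOT_PATH_RE = re.compile(r"^bot(\d{6,12}):([A-Za-z0-9_-]{30,45})$")

# Bot API methods that move data from the victim to the operator.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto", "sendVideo", "sendAudio"}


def parse_telegram_c2(url):
    """Break a Telegram Bot API URL into bot id, token, method and chat_id.

    Returns None unless the URL is an https request to
    api.telegram.org/bot<token>/<method>.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "api.telegram.org":
        return None
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 2:
        return None
    match = _BOT_PATH_RE.match(segments[0])
    if not match:
        return None
    bot_id, secret = match.groups()
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": bot_id,
        "token": f"{bot_id}:{secret}",
        "method": segments[1],
        "chat_id": chat_id,
        "exfil": segments[1] in EXFIL_METHODS,
    }


def redact_token(token):
    """Keep the bot id (useful for correlating samples) and mask the secret."""
    bot_id, _, secret = token.partition(":")
    return f"{bot_id}:{secret[:4]}{'*' * (len(secret) - 4)}"


def find_telegram_bot_api(log_text):
    """Return one finding per proxy log line that hits the Telegram Bot API.

    Assumed (constructed) log layout: "<timestamp> <client_ip> <process> <verb> <url>".
    """
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines instead of crashing
        ts, client_ip, process, verb, url = fields
        parsed = parse_telegram_c2(url)
        if parsed is None:
            continue
        findings.append({
            "ts": ts,
            "client_ip": client_ip,
            "process": process,
            "verb": verb,
            "bot_id": parsed["bot_id"],
            "token": redact_token(parsed["token"]),
            "method": parsed["method"],
            "chat_id": parsed["chat_id"],
            "exfil": parsed["exfil"],
        })
    return findings


# Constructed proxy log: line 2 reuses the C2 URL from this report; the other
# lines are benign browsing plus a non-exfil Bot API call for contrast.
SAMPLE_LOG = """\
2022-10-28T14:02:11Z 10.0.0.17 chrome.exe GET https://www.example.com/
2022-10-28T14:02:13Z 10.0.0.17 sample.exe POST https://api.telegram.org/bot5374342837:AAHF-c1HAIvNCdF89VuEdNggsL2YBlpgkSE/sendMessage?chat_id=2133303215
2022-10-28T14:02:20Z 10.0.0.22 python.exe GET https://api.telegram.org/bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/getMe
2022-10-28T14:02:25Z 10.0.0.17 chrome.exe GET https://telegram.org/
"""

if __name__ == "__main__":
    for f in find_telegram_bot_api(SAMPLE_LOG):
        flag = "EXFIL" if f["exfil"] else "bot-api"
        print(f"{flag:8} {f['ts']} {f['client_ip']} {f['process']} bot={f['bot_id']} "
              f"method={f['method']} chat_id={f['chat_id']} token={f['token']}")
```

The bot id is stable for as long as the operator keeps the bot, so it is the better pivot across samples than the full URL. The full token is a credential: anyone holding it can call the Bot API as that bot, so treat it like a leaked secret and share only the redacted form. Note that Telegram's own desktop and mobile clients do not use api.telegram.org/bot<token> paths, so Bot API requests from a workstation are worth a look even when the method is not a send* call.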

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open-source information stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Outside debuggers it is most often seen in process hollowing and similar injection, where the entry point of a suspended child process is redirected to injected code.
