General
-
Target
da67541015af6ddee5bad1432ecc3efbf85cde69c494fd1635edbae606c4a628.exe
-
Size
978KB
-
Sample
221028-nrnqwsfde8
-
MD5
5114af44629e0c885fb514c3b0f6fb95
-
SHA1
433549954ee3330268c26fc7cb4f3665525feb82
-
SHA256
da67541015af6ddee5bad1432ecc3efbf85cde69c494fd1635edbae606c4a628
-
SHA512
bcddef915d811dbcd3719d7c7a30add5635386b4b48cd38e05e1c180488d23e9deecd1e67a4db35df7b2fa67a09a5c06747175bba1c5830043222fc7dd53539e
-
SSDEEP
12288:L/2YODrqNsTEOajT7VDAyaFIn7/N4IkIhN+NpjqagJyi7wX1JNp1ynn2jG:LarPQOWHVn7/NpopjrgtMX1JV4X
Static task
static1
Behavioral task
behavioral1
Sample
da67541015af6ddee5bad1432ecc3efbf85cde69c494fd1635edbae606c4a628.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
da67541015af6ddee5bad1432ecc3efbf85cde69c494fd1635edbae606c4a628.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5374342837:AAHF-c1HAIvNCdF89VuEdNggsL2YBlpgkSE/sendMessage?chat_id=2133303215
Targets
-
-
Target
da67541015af6ddee5bad1432ecc3efbf85cde69c494fd1635edbae606c4a628.exe
-
Size
978KB
-
MD5
5114af44629e0c885fb514c3b0f6fb95
-
SHA1
433549954ee3330268c26fc7cb4f3665525feb82
-
SHA256
da67541015af6ddee5bad1432ecc3efbf85cde69c494fd1635edbae606c4a628
-
SHA512
bcddef915d811dbcd3719d7c7a30add5635386b4b48cd38e05e1c180488d23e9deecd1e67a4db35df7b2fa67a09a5c06747175bba1c5830043222fc7dd53539e
-
SSDEEP
12288:L/2YODrqNsTEOajT7VDAyaFIn7/N4IkIhN+NpjqagJyi7wX1JNp1ynn2jG:LarPQOWHVn7/NpopjrgtMX1JV4X
Score10/10-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-