General
-
Target
SecuriteInfo.com.Trojan.DownLoaderNET.447.20530.9920.exe
-
Size
185KB
-
Sample
221107-l8g9bsbba6
-
MD5
9511a74b28e3fecc899c07231fa8af5d
-
SHA1
65f642a4bd81f5f5355bf82fc79f8df2f291a144
-
SHA256
2cd01ed98525d509bfa350ef7e618a0342b0a4b1214adfe5d9b89696ab645d49
-
SHA512
a6836225ecd0d54c2916f50f10d8e94326244ca62094082a457092c04edc874b91e055814654df8f137735a52db7ad0a077f629b24bca34784a8708b065ad89a
-
SSDEEP
1536:pcKHPHdUGOsVUch/1ZjhGIBOrPaOYdSkjiRNqOP3G:LHDSch/71hEbaFSkjiRrP2
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.DownLoaderNET.447.20530.9920.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.DownLoaderNET.447.20530.9920.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377
Targets
-
-
Target
SecuriteInfo.com.Trojan.DownLoaderNET.447.20530.9920.exe
-
Size
185KB
-
MD5
9511a74b28e3fecc899c07231fa8af5d
-
SHA1
65f642a4bd81f5f5355bf82fc79f8df2f291a144
-
SHA256
2cd01ed98525d509bfa350ef7e618a0342b0a4b1214adfe5d9b89696ab645d49
-
SHA512
a6836225ecd0d54c2916f50f10d8e94326244ca62094082a457092c04edc874b91e055814654df8f137735a52db7ad0a077f629b24bca34784a8708b065ad89a
-
SSDEEP
1536:pcKHPHdUGOsVUch/1ZjhGIBOrPaOYdSkjiRNqOP3G:LHDSch/71hEbaFSkjiRrP2
Score10/10-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-