blustealer | 3129b84bf731a2348ea99a5d7e03c9b52993963a88607ad149b13b7cba499f19 | Triage

Submit
Reports

Overview

overview

Static

static

palmic.exe

windows7-x64

3

palmic.exe

windows10-2004-x64

Sharing

General

Target

palmic.exe
Size

66KB
Sample

221108-pcgjpshbgp
MD5

ec56a21c8ee1d373f5e892cc19a14441
SHA1

e2834f9bfe32bb1a6b4fbb4cff128e8dcdece15b
SHA256

3129b84bf731a2348ea99a5d7e03c9b52993963a88607ad149b13b7cba499f19
SHA512

b78ca39248267de920b270323134d354cabee4fc434f1ba216669d504ffdc5e2b7cd45d54e48f457cfc9afb4cc1a52d91a0523fa7899ea8f36324668c0bd5532
SSDEEP

768:Yy8W6IZhbT3GpO1gyapErmN7uPS/Zp8Hk/8gV90DBVpGwDO+snK5k41PMArE7+6d:YHI72gQk+NoVLsK5k410jEY+ICyjZ

Score

10^/10

blustealer stormkitty collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

palmic.exe

Resource

win7-20220812-en

windows7-x64

3 signatures

300 seconds

Behavioral task

behavioral2

Sample

palmic.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection spyware stealer

windows10-2004-x64

13 signatures

300 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377

Targets

- Target
  
  palmic.exe
- Size
  
  66KB
- MD5
  
  ec56a21c8ee1d373f5e892cc19a14441
- SHA1
  
  e2834f9bfe32bb1a6b4fbb4cff128e8dcdece15b
- SHA256
  
  3129b84bf731a2348ea99a5d7e03c9b52993963a88607ad149b13b7cba499f19
- SHA512
  
  b78ca39248267de920b270323134d354cabee4fc434f1ba216669d504ffdc5e2b7cd45d54e48f457cfc9afb4cc1a52d91a0523fa7899ea8f36324668c0bd5532
- SSDEEP
  
  768:Yy8W6IZhbT3GpO1gyapErmN7uPS/Zp8Hk/8gV90DBVpGwDO+snK5k41PMArE7+6d:YHI72gQk+NoVLsK5k410jEY+ICyjZ
Score

10^/10

blustealer stormkitty collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

blustealerstormkittycollectionspywarestealer

© 2018-2024

Terms | Privacy