General

  • Target

    Consulta adjunta.exe

  • Size

    43KB

  • Sample

    221114-la41fabb51

  • MD5

    b1f86158fada0496bed842e21913c161

  • SHA1

    f56f230c577760aa6e8940f8582e72a9513850b5

  • SHA256

    5f062e4d8beaf7bc3b606afe8d058580b38ce33393b89a23db757ab4cf4f4576

  • SHA512

    8616e1de2b3fe6364da08b4860f70579f1140a1a9ac1c70d7f398917c7f7dba7b32da9fb64a191075f248f0451b3899c971629332e21ad816a8a96ed1b4ec287

  • SSDEEP

    768:R0VcgMMJvtAG33fztRcb+AuuyXZpI7UyP2WlMzGE6h:R0jv5nJRBA03I7Pur4h

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks