General
- Target: 18112022365.scr.exe
- Size: 229KB
- Sample: 221118-zpaa9sgb94
- MD5: 2c948d99fb2c74bc2e1065a83c9ac423
- SHA1: 5e6443132bb31fff16d94f823bc3df467de8dc84
- SHA256: 9111218e89daf7e547af7777d2cde1fe35e029c1eff85f991349308a51af3d3d
- SHA512: 6fffcc394750b99a57f438eef410333b941ced543126b2aa69ceade7b56136742104aeada34a46b7dfe090184ced384975a14b71721718c3d87ea3ccd00f3fab
- SSDEEP: 3072:F0k+T6gqPPIvuvHQFpaIYkKEPIFJzE17vt:F59HsaIYkb
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 18112022365.scr.exe
  - Resource: win7-20220812-en
Behavioral task
- behavioral2
  - Sample: 18112022365.scr.exe
  - Resource: win10v2004-20220812-en
Malware Config
- Extracted: blustealer
  - https://api.telegram.org/bot5412597166:AAGUaWxuTxxhNb-NRhiURcTMzuW9nhGoEs/sendMessage?chat_id=932962718
Targets
- Target: 18112022365.scr.exe
- StormKitty payload
- Creates a large amount of network flows: This may indicate a network scan to discover remotely running services.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext