blustealer | ce2518f0eddcfaa14c9c110d8df87b6aeeebabd851c53954a6702493be867338 | Triage

Submit
Reports

Overview

overview

Static

static

E-dekont.pdf.exe

windows7-x64

E-dekont.pdf.exe

windows10-2004-x64

Sharing

General

Target

E-dekont.pdf.exe
Size

782KB
Sample

221125-h69c9aeb6z
MD5

24a7aabcbce1a0c2b00bfab6630cfb67
SHA1

83d7e07f348bc6e70b2523831ce85cf93ca94403
SHA256

ce2518f0eddcfaa14c9c110d8df87b6aeeebabd851c53954a6702493be867338
SHA512

1956a7bb12cab247612d376d4058f6f8e8fd1d30d9e83e71b1d660ee302693fc20b88fb6f147f7b185626c515fac99a8729041d3af3faccd5494f377ab238798
SSDEEP

12288:40mZJbxpDFZ0z33QKyd9TNEAmcS3CAzpQWoTmQEr9bTAc/LMzYyTrJjSC:40oCwKW9+CSSAF2i9nArzNYC

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

E-dekont.pdf.exe

Resource

win7-20221111-en

blustealer stormkitty collection stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

E-dekont.pdf.exe

Resource

win10v2004-20221111-en

blustealer stormkitty stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5374342837:AAHF-c1HAIvNCdF89VuEdNggsL2YBlpgkSE/sendMessage?chat_id=2133303215

Targets

- Target
  
  E-dekont.pdf.exe
- Size
  
  782KB
- MD5
  
  24a7aabcbce1a0c2b00bfab6630cfb67
- SHA1
  
  83d7e07f348bc6e70b2523831ce85cf93ca94403
- SHA256
  
  ce2518f0eddcfaa14c9c110d8df87b6aeeebabd851c53954a6702493be867338
- SHA512
  
  1956a7bb12cab247612d376d4058f6f8e8fd1d30d9e83e71b1d660ee302693fc20b88fb6f147f7b185626c515fac99a8729041d3af3faccd5494f377ab238798
- SSDEEP
  
  12288:40mZJbxpDFZ0z33QKyd9TNEAmcS3CAzpQWoTmQEr9bTAc/LMzYyTrJjSC:40oCwKW9+CSSAF2i9nArzNYC
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionstealer

behavioral2

blustealerstormkittystealer

© 2018-2024

Terms | Privacy