General
-
Target
xt7veCXp-FiO53wlOYiWrGleDALEQnb8Q4IhiAewHhc.bin
-
Size
943KB
-
Sample
221129-qkxrbsfa91
-
MD5
779aba07d9e38600f5d56b1cdb4b13b3
-
SHA1
978dbdd1de6938658fd2bb7fa62504bc9854e7df
-
SHA256
c6deef7825e9fc588ee77c25398896ac695e0c02c44276fc4382218807b01e17
-
SHA512
c1cb51a4be7c0c76b038aa22bdb3e171e7a07104ca87195f5dd854bfd56b48d101b630addce08d3bae5b86e6cf6ac82c5ce01cf0d2d1c8254b0f3e6c51a743ad
-
SSDEEP
12288:njm1ajgVIqHZCWRehw84H+ZzF0ImT9JfeDH8EM1xr:cajysjhw+MImTbfmrwxr
Static task
static1
Behavioral task
behavioral1
Sample
xt7veCXp-FiO53wlOYiWrGleDALEQnb8Q4IhiAewHhc.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
xt7veCXp-FiO53wlOYiWrGleDALEQnb8Q4IhiAewHhc.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5412597166:AAGUaWxuTxxhNb-NRhiURcTMzuW9nhGoEs/sendMessage?chat_id=932962718
Targets
-
-
Target
xt7veCXp-FiO53wlOYiWrGleDALEQnb8Q4IhiAewHhc.bin
-
Size
943KB
-
MD5
779aba07d9e38600f5d56b1cdb4b13b3
-
SHA1
978dbdd1de6938658fd2bb7fa62504bc9854e7df
-
SHA256
c6deef7825e9fc588ee77c25398896ac695e0c02c44276fc4382218807b01e17
-
SHA512
c1cb51a4be7c0c76b038aa22bdb3e171e7a07104ca87195f5dd854bfd56b48d101b630addce08d3bae5b86e6cf6ac82c5ce01cf0d2d1c8254b0f3e6c51a743ad
-
SSDEEP
12288:njm1ajgVIqHZCWRehw84H+ZzF0ImT9JfeDH8EM1xr:cajysjhw+MImTbfmrwxr
Score10/10-
StormKitty payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-