General
-
Target
SecuriteInfo.com.Win64.PWSX-gen.31026.16859.exe
-
Size
175KB
-
Sample
221130-mjs5zaeh8t
-
MD5
abe6ca791db534c12bef5ea422084c09
-
SHA1
3f27e6e2860e37ec43d95e56544baee9d7c5ba2d
-
SHA256
126f5c52f11be3cd3a1d0abfb756975a103999757b90e64abc5d415d04c6689c
-
SHA512
7e6c4b33f4ddbb2cd947fa07230e615d2dd5cdb27be3f3b959e51db79646f480c74bbf61decb071a80e5855acfd055b765fe71cc6b1e114f0b5857ef07bb9fb9
-
SSDEEP
3072:d2mRPME2xzNrb7Hac9VjFGfe/B8bv8zYUvsNs14avcvLtSzqJEVDR:d202xzNf7HauVjFGfmKiYhsGavMLtXEV
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win64.PWSX-gen.31026.16859.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win64.PWSX-gen.31026.16859.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377
Targets
-
-
Target
SecuriteInfo.com.Win64.PWSX-gen.31026.16859.exe
-
Size
175KB
-
MD5
abe6ca791db534c12bef5ea422084c09
-
SHA1
3f27e6e2860e37ec43d95e56544baee9d7c5ba2d
-
SHA256
126f5c52f11be3cd3a1d0abfb756975a103999757b90e64abc5d415d04c6689c
-
SHA512
7e6c4b33f4ddbb2cd947fa07230e615d2dd5cdb27be3f3b959e51db79646f480c74bbf61decb071a80e5855acfd055b765fe71cc6b1e114f0b5857ef07bb9fb9
-
SSDEEP
3072:d2mRPME2xzNrb7Hac9VjFGfe/B8bv8zYUvsNs14avcvLtSzqJEVDR:d202xzNf7HauVjFGfmKiYhsGavMLtXEV
Score10/10-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-