General
-
Target
SecuriteInfo.com.Trojan.PackedNET.1293.27162.15596.exe
-
Size
660KB
-
Sample
221209-mjvnssch93
-
MD5
873bfbea840976bb63f1e7eae546725e
-
SHA1
7175df3680987e75f1ebb7430c8246400ebf71f4
-
SHA256
9e9f338d922f809d4ecac31b1b2c1bc38de325e848782308997d76eef549951f
-
SHA512
f3916908c555f105c3bc293d7d27e5592381a8586dda4d4771742bb537a84040d9d538447b8d22571d941b0caed9443f264b0bf495a7745fb556d9a7b58cdc87
-
SSDEEP
6144:k4uIrm6rLfOhXDBkyFhI8OZiLsyJ0If3+Nm3cxgU/ZzU:kv6rLClkyFhI8OZiIyJ1us3cxgU/Zz
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PackedNET.1293.27162.15596.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.PackedNET.1293.27162.15596.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377
Targets
-
-
Target
SecuriteInfo.com.Trojan.PackedNET.1293.27162.15596.exe
-
Size
660KB
-
MD5
873bfbea840976bb63f1e7eae546725e
-
SHA1
7175df3680987e75f1ebb7430c8246400ebf71f4
-
SHA256
9e9f338d922f809d4ecac31b1b2c1bc38de325e848782308997d76eef549951f
-
SHA512
f3916908c555f105c3bc293d7d27e5592381a8586dda4d4771742bb537a84040d9d538447b8d22571d941b0caed9443f264b0bf495a7745fb556d9a7b58cdc87
-
SSDEEP
6144:k4uIrm6rLfOhXDBkyFhI8OZiLsyJ0If3+Nm3cxgU/ZzU:kv6rLClkyFhI8OZiIyJ1us3cxgU/Zz
Score10/10-
StormKitty payload
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-