blustealer | 7cde481029d0f331c932ffb79f04c8113ab6d5b36bbd4cc18f4c54b086910b58 | Triage

Submit
Reports

Overview

overview

Static

static

FACTURA.exe

windows10-1703-x64

Resubmissions

20-12-2022 23:15

221220-28xl1sbc85 10

20-12-2022 06:45

221220-hh292aca3v 10

Sharing

General

Target

FACTURA.exe
Size

164KB
Sample

221220-28xl1sbc85
MD5

ed569d6f146f9101293b60dee2e726f6
SHA1

24a5c1579b090e1f8c9a5ff128f9545542fa8a69
SHA256

7cde481029d0f331c932ffb79f04c8113ab6d5b36bbd4cc18f4c54b086910b58
SHA512

36820914cd1605f058a97ecaf2ce5af808648a533abcbb3d5d567f9fc4978d6acc056d28eb629299785b6064481b74f760744c6d8acefb05d8ddb8de3edea974
SSDEEP

3072:DGpmGTuaBefnv1TkuFDMyDGdV0j/uwmyJ+aXE/8brg0TKC0gDm6:qLuaQfv1TkuFDMyD6V0zusJRklI

Score

10^/10

blustealer stormkitty spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

FACTURA.exe

Resource

win10-20220812-en

blustealer stormkitty spyware stealer

windows10-1703-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377

Targets

- Target
  
  FACTURA.exe
- Size
  
  164KB
- MD5
  
  ed569d6f146f9101293b60dee2e726f6
- SHA1
  
  24a5c1579b090e1f8c9a5ff128f9545542fa8a69
- SHA256
  
  7cde481029d0f331c932ffb79f04c8113ab6d5b36bbd4cc18f4c54b086910b58
- SHA512
  
  36820914cd1605f058a97ecaf2ce5af808648a533abcbb3d5d567f9fc4978d6acc056d28eb629299785b6064481b74f760744c6d8acefb05d8ddb8de3edea974
- SSDEEP
  
  3072:DGpmGTuaBefnv1TkuFDMyDGdV0j/uwmyJ+aXE/8brg0TKC0gDm6:qLuaQfv1TkuFDMyD6V0zusJRklI
Score

10^/10

blustealer stormkitty spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittyspywarestealer

© 2018-2024

Terms | Privacy