General
-
Target
FACTURA.exe
-
Size
164KB
-
Sample
221220-hh292aca3v
-
MD5
ed569d6f146f9101293b60dee2e726f6
-
SHA1
24a5c1579b090e1f8c9a5ff128f9545542fa8a69
-
SHA256
7cde481029d0f331c932ffb79f04c8113ab6d5b36bbd4cc18f4c54b086910b58
-
SHA512
36820914cd1605f058a97ecaf2ce5af808648a533abcbb3d5d567f9fc4978d6acc056d28eb629299785b6064481b74f760744c6d8acefb05d8ddb8de3edea974
-
SSDEEP
3072:DGpmGTuaBefnv1TkuFDMyDGdV0j/uwmyJ+aXE/8brg0TKC0gDm6:qLuaQfv1TkuFDMyD6V0zusJRklI
Static task
static1
Behavioral task
behavioral1
Sample
FACTURA.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
FACTURA.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377
Targets
-
-
Target
FACTURA.exe
-
Size
164KB
-
MD5
ed569d6f146f9101293b60dee2e726f6
-
SHA1
24a5c1579b090e1f8c9a5ff128f9545542fa8a69
-
SHA256
7cde481029d0f331c932ffb79f04c8113ab6d5b36bbd4cc18f4c54b086910b58
-
SHA512
36820914cd1605f058a97ecaf2ce5af808648a533abcbb3d5d567f9fc4978d6acc056d28eb629299785b6064481b74f760744c6d8acefb05d8ddb8de3edea974
-
SSDEEP
3072:DGpmGTuaBefnv1TkuFDMyDGdV0j/uwmyJ+aXE/8brg0TKC0gDm6:qLuaQfv1TkuFDMyD6V0zusJRklI
Score10/10-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-