blustealer | 3d075bfc29b9d4f17ac60eea8e58a1ebe94f2af614e1637e591799338984750b | Triage

Submit
Reports

Overview

overview

Static

static

3d075bfc29...0b.exe

windows7-x64

3d075bfc29...0b.exe

windows10-2004-x64

Resubmissions

28-12-2022 04:42

221228-fb6mrsce3x 10

28-12-2022 04:37

221228-e8256sce2y 10

Sharing

General

Target

3d075bfc29b9d4f17ac60eea8e58a1ebe94f2af614e1637e591799338984750b
Size

136KB
Sample

221228-e8256sce2y
MD5

1e3b9b3c9243ad08a9a71c1c5815b194
SHA1

54e370ed00b51781d527f0d09f3ee69245d2d46f
SHA256

3d075bfc29b9d4f17ac60eea8e58a1ebe94f2af614e1637e591799338984750b
SHA512

8b4e90be92462e99e41de3449cd1a03dd38f03ed4d258bd5e397b1f8600909fd354ab5eaf09e098183dd901b731d231d12d0ef1b6cd8103322fb1a22db86b29b
SSDEEP

1536:L/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViorkfPPJICi5h3eF13:bZTkLfhjFSiO3odkfP7iHyV

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3d075bfc29b9d4f17ac60eea8e58a1ebe94f2af614e1637e591799338984750b.exe

Resource

win7-20220812-en

stormkitty collection stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

3d075bfc29b9d4f17ac60eea8e58a1ebe94f2af614e1637e591799338984750b.exe

Resource

win10v2004-20221111-en

stormkitty collection stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5626885704:AAFu-gfZtINkFpAAx6IIJ--E7LcG84FhgZo/sendMessage?chat_id=5388276304

Targets

- Target
  
  3d075bfc29b9d4f17ac60eea8e58a1ebe94f2af614e1637e591799338984750b
- Size
  
  136KB
- MD5
  
  1e3b9b3c9243ad08a9a71c1c5815b194
- SHA1
  
  54e370ed00b51781d527f0d09f3ee69245d2d46f
- SHA256
  
  3d075bfc29b9d4f17ac60eea8e58a1ebe94f2af614e1637e591799338984750b
- SHA512
  
  8b4e90be92462e99e41de3449cd1a03dd38f03ed4d258bd5e397b1f8600909fd354ab5eaf09e098183dd901b731d231d12d0ef1b6cd8103322fb1a22db86b29b
- SSDEEP
  
  1536:L/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViorkfPPJICi5h3eF13:bZTkLfhjFSiO3odkfP7iHyV
Score

10^/10

stormkitty collection stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittycollectionstealer

behavioral2

stormkittycollectionstealer

© 2018-2024

Terms | Privacy