General
- Target: d39fa4eda171a0a3850f87eed0c8b71f7bc8bf604dd951c819a25f8963dd3d38.exe
- Size: 386KB
- Sample: 230106-rezt6sce5v
- MD5: 567fcda09e88a7143f6865b623b47b58
- SHA1: 0ff13870fcdf98c8a764715866d063561e1ddfc0
- SHA256: d39fa4eda171a0a3850f87eed0c8b71f7bc8bf604dd951c819a25f8963dd3d38
- SHA512: 4343096815d17e7e6f01ba724b18312b3f9e59efa3001af9374fa08c6440e8e78f83efde13ff3531612eebe4fcb1a51a6e251ea1114160176f466f6ab068da9a
- SSDEEP: 6144:YYa6hQx8ayrbor6PJ5OgCb58CxqITl2vmtYSgdANf5I:YY0xPgUr6RAgwSviYSpN2
Static task: static1
Behavioral task: behavioral1
- Sample: d39fa4eda171a0a3850f87eed0c8b71f7bc8bf604dd951c819a25f8963dd3d38.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: d39fa4eda171a0a3850f87eed0c8b71f7bc8bf604dd951c819a25f8963dd3d38.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5732817033:AAFBYIIZmJ7NuvVwD7WRcbV9qwcOqT7RpwM/sendMessage?chat_id=1638137774
Targets
- Target: d39fa4eda171a0a3850f87eed0c8b71f7bc8bf604dd951c819a25f8963dd3d38.exe
- Size: 386KB
- MD5: 567fcda09e88a7143f6865b623b47b58
- SHA1: 0ff13870fcdf98c8a764715866d063561e1ddfc0
- SHA256: d39fa4eda171a0a3850f87eed0c8b71f7bc8bf604dd951c819a25f8963dd3d38
- SHA512: 4343096815d17e7e6f01ba724b18312b3f9e59efa3001af9374fa08c6440e8e78f83efde13ff3531612eebe4fcb1a51a6e251ea1114160176f466f6ab068da9a
- SSDEEP: 6144:YYa6hQx8ayrbor6PJ5OgCb58CxqITl2vmtYSgdANf5I:YY0xPgUr6RAgwSviYSpN2
Score: 10/10
- StormKitty payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext