General
-
Target
hesaphareketi-02.exe
-
Size
286KB
-
Sample
230116-ldlm9sch53
-
MD5
020e8635c55df66681cd92163a811c7a
-
SHA1
21bf156059620f64f48b6a2e6564100108811dd2
-
SHA256
1ad0802a8ec7e2b02a912133947517e4b4b610426c5e278736e9de706956a97c
-
SHA512
3a737b8e6522af47ebeb29ea066bb89b520a86e6750762923aff52fb0430b9a6ba7724257e690cd6187e8d2a3079f0d6e4f8d78235363a842bc107e4f08fd457
-
SSDEEP
6144:WYa6NgSECqpOY00ZoaXPx9KYLENxmmz5g7oe29:WYbgQqpOY00zXPMW7U
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896
Targets
-
-
Target
hesaphareketi-02.exe
-
Size
286KB
-
MD5
020e8635c55df66681cd92163a811c7a
-
SHA1
21bf156059620f64f48b6a2e6564100108811dd2
-
SHA256
1ad0802a8ec7e2b02a912133947517e4b4b610426c5e278736e9de706956a97c
-
SHA512
3a737b8e6522af47ebeb29ea066bb89b520a86e6750762923aff52fb0430b9a6ba7724257e690cd6187e8d2a3079f0d6e4f8d78235363a842bc107e4f08fd457
-
SSDEEP
6144:WYa6NgSECqpOY00ZoaXPx9KYLENxmmz5g7oe29:WYbgQqpOY00zXPMW7U
Score10/10-
BluStealer
A Modular information stealer written in Visual Basic.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-