blustealer | da74712fd5cd155ff0404941b52156174ba6a52d8044c32657fa24901ba8dd74 | Triage

Submit
Reports

Overview

overview

Static

static

hesaphareketi-01.exe

windows7-x64

hesaphareketi-01.exe

windows10-2004-x64

Sharing

General

Target

hesaphareketi-01.exe
Size

304KB
Sample

230117-kbvygsch84
MD5

437350bea5c6a15743708e40d626f6a2
SHA1

84bcc16bd74838d3103308d1c34cf86f5870f2ce
SHA256

da74712fd5cd155ff0404941b52156174ba6a52d8044c32657fa24901ba8dd74
SHA512

8202e803cd81867320d4555d097b11b569020bc14e45b165233d4e6cf7e07d34fb88daf18be7944a5c2295f6087c3cc8e18656d3e9a4d5a99b80ff829d9c189c
SSDEEP

6144:QYa69gSECqpOY0XngP6sW+/2zPELRV0nYvusV4Lh+FDciFq2FVIyMRX7J:QYLgQqpOY0XngPkLzAAnYvVV1DVNVIhX

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

hesaphareketi-01.exe

Resource

win7-20221111-en

blustealer stormkitty collection stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

hesaphareketi-01.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896

Targets

- Target
  
  hesaphareketi-01.exe
- Size
  
  304KB
- MD5
  
  437350bea5c6a15743708e40d626f6a2
- SHA1
  
  84bcc16bd74838d3103308d1c34cf86f5870f2ce
- SHA256
  
  da74712fd5cd155ff0404941b52156174ba6a52d8044c32657fa24901ba8dd74
- SHA512
  
  8202e803cd81867320d4555d097b11b569020bc14e45b165233d4e6cf7e07d34fb88daf18be7944a5c2295f6087c3cc8e18656d3e9a4d5a99b80ff829d9c189c
- SSDEEP
  
  6144:QYa69gSECqpOY0XngP6sW+/2zPELRV0nYvusV4Lh+FDciFq2FVIyMRX7J:QYLgQqpOY0XngPkLzAAnYvVV1DVNVIhX
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionstealer

behavioral2

blustealerstormkittycollectionstealer

© 2018-2024

Terms | Privacy