blustealer | 81d63eb754d5bf8897acfeb9762031fbe00d197c45aed84f2fe069dcd78109a1 | Triage

Submit
Reports

Overview

overview

Static

static

fatura0023...df.exe

windows7-x64

fatura0023...df.exe

windows10-2004-x64

Sharing

General

Target

fatura002344567,pdf.exe
Size

266KB
Sample

230118-llgpaaaf9s
MD5

e8a06710a9e1f2ae99424343e6f79cbc
SHA1

661eccd39e082d74b28f0c2bba440d7b7f8033cd
SHA256

81d63eb754d5bf8897acfeb9762031fbe00d197c45aed84f2fe069dcd78109a1
SHA512

42743045b9a7dad90688a10cf2679f1256f13bea2d97d3117c84ba1eb17c16f81ad40e14858a246da6dd538ab834855560ae89394d945eb6679a3c4c7a844f6c
SSDEEP

6144:IYa6ub7aTUXh2l9RT70FYe5Avpc1jJdGuf:IYgXaW21W5Av25/f

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

fatura002344567,pdf.exe

Resource

win7-20220812-en

blustealer stormkitty collection stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

fatura002344567,pdf.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896

Targets

- Target
  
  fatura002344567,pdf.exe
- Size
  
  266KB
- MD5
  
  e8a06710a9e1f2ae99424343e6f79cbc
- SHA1
  
  661eccd39e082d74b28f0c2bba440d7b7f8033cd
- SHA256
  
  81d63eb754d5bf8897acfeb9762031fbe00d197c45aed84f2fe069dcd78109a1
- SHA512
  
  42743045b9a7dad90688a10cf2679f1256f13bea2d97d3117c84ba1eb17c16f81ad40e14858a246da6dd538ab834855560ae89394d945eb6679a3c4c7a844f6c
- SSDEEP
  
  6144:IYa6ub7aTUXh2l9RT70FYe5Avpc1jJdGuf:IYgXaW21W5Av25/f
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionstealer

behavioral2

blustealerstormkittycollectionstealer

© 2018-2024

Terms | Privacy