blustealer | 3f72559d8006b06384919574af6bfbc80f6dc43774cd56c0754ae2cc8898ef83 | Triage

Submit
Reports

Overview

overview

Static

static

Halkbank_E...oc.exe

windows7-x64

Halkbank_E...oc.exe

windows10-2004-x64

Sharing

General

Target

Halkbank_Ekstre_202301901_142426_2309801.doc.exe
Size

440KB
Sample

230119-kgfqrafe29
MD5

5497b520750b56b52f2e83664c42b8b9
SHA1

e954f6a3e4e870d07045607c0e8a68a6b81a8fcd
SHA256

3f72559d8006b06384919574af6bfbc80f6dc43774cd56c0754ae2cc8898ef83
SHA512

7290cce10407c967ae7bb00b618b0123af1df127dcd69062f174ba0b87a772cd2bb0af9c6380ecd3f21f99e071ea8c7febcc057f838db72590600980be9bbcb2
SSDEEP

6144:ZYa6dITud1s4W8q9UdkRmDzR8ffwtQozmodL1qjF/2+oE8eTbYNwESdXTx:ZYcTudK4WL9lUAAtioZIjHoE84nf

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

Halkbank_Ekstre_202301901_142426_2309801.doc.exe

Resource

win7-20220812-en

blustealer stormkitty collection stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Halkbank_Ekstre_202301901_142426_2309801.doc.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896

Targets

- Target
  
  Halkbank_Ekstre_202301901_142426_2309801.doc.exe
- Size
  
  440KB
- MD5
  
  5497b520750b56b52f2e83664c42b8b9
- SHA1
  
  e954f6a3e4e870d07045607c0e8a68a6b81a8fcd
- SHA256
  
  3f72559d8006b06384919574af6bfbc80f6dc43774cd56c0754ae2cc8898ef83
- SHA512
  
  7290cce10407c967ae7bb00b618b0123af1df127dcd69062f174ba0b87a772cd2bb0af9c6380ecd3f21f99e071ea8c7febcc057f838db72590600980be9bbcb2
- SSDEEP
  
  6144:ZYa6dITud1s4W8q9UdkRmDzR8ffwtQozmodL1qjF/2+oE8eTbYNwESdXTx:ZYcTudK4WL9lUAAtioZIjHoE84nf
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionstealer

behavioral2

blustealerstormkittycollectionstealer

© 2018-2024

Terms | Privacy