Overview

overview

10

Static

static

TRANSFERIR...23.exe

windows7-x64

10

TRANSFERIR...23.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TRANSFERIR COPIA_26-01-2023.exe

  • Size

    124KB

  • Sample

    230126-jazdvach73

  • MD5

    6b6158281be7a4c6d27c26a19584a506

  • SHA1

    642977b3de3a0d226859228dae11cb5d74ff0472

  • SHA256

    d7cd5ce46ffb8abe6ee2cb0c2a9f6528d8121fb90bd4072e71cd901099885eb3

  • SHA512

    ad9fda9a3a6f251f5bbfecf0a7b0aac322f9593e2ceca758aeaef42f651351ca0b77e346651f7b25cbfdb2d05b8fb1f7bb40e50bd7fbff78c4099c9905f8f506

  • SSDEEP

    3072:hzVvRQ0DOtiT3VLK8LEN7m8lneeF1eujsqk7jx++eH6:hpJpOtQON7m8de6okkB++eH

Score
10/10
blustealerstormkittycollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377

Targets

    • Target

      TRANSFERIR COPIA_26-01-2023.exe

    • Size

      124KB

    • MD5

      6b6158281be7a4c6d27c26a19584a506

    • SHA1

      642977b3de3a0d226859228dae11cb5d74ff0472

    • SHA256

      d7cd5ce46ffb8abe6ee2cb0c2a9f6528d8121fb90bd4072e71cd901099885eb3

    • SHA512

      ad9fda9a3a6f251f5bbfecf0a7b0aac322f9593e2ceca758aeaef42f651351ca0b77e346651f7b25cbfdb2d05b8fb1f7bb40e50bd7fbff78c4099c9905f8f506

    • SSDEEP

      3072:hzVvRQ0DOtiT3VLK8LEN7m8lneeF1eujsqk7jx++eH6:hpJpOtQON7m8de6okkB++eH

    Score
    10/10
    blustealerstormkittycollectionspywarestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks