blustealer | d03d5b49976a7d150f77a892f429ed698246930ba82e538b25f7835d67b9323d | Triage

Submit
Reports

Overview

overview

Static

static

hesapharek...df.exe

windows7-x64

hesapharek...df.exe

windows10-2004-x64

Sharing

General

Target

hesaphareketi-01.pdf.exe
Size

358KB
Sample

230201-j5j8eace46
MD5

587a57c6f8590b6367d67b17fce54c0d
SHA1

cbe56fc0d05531d2d9e7f5c4ef628e1a9941fba7
SHA256

d03d5b49976a7d150f77a892f429ed698246930ba82e538b25f7835d67b9323d
SHA512

3830c61306e797465d480e6330666575669d2e5860595c6378c270b5fcc60e0b13fc0cc51f8b95b6871f21d923c99a950027a9c7138efc28766308800a11c1d2
SSDEEP

6144:oYa6Si77eBf68RvZWDvY4dUk931r+qzmnblebHqHhfM:oY4i46GhWDTldzacHqBU

Score

10^/10

blustealer stormkitty collection stealer

Static task

static1

Behavioral task

behavioral1

Sample

hesaphareketi-01.pdf.exe

Resource

win7-20221111-en

blustealer stormkitty collection stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

hesaphareketi-01.pdf.exe

Resource

win10v2004-20220812-en

blustealer stormkitty collection stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896

Targets

- Target
  
  hesaphareketi-01.pdf.exe
- Size
  
  358KB
- MD5
  
  587a57c6f8590b6367d67b17fce54c0d
- SHA1
  
  cbe56fc0d05531d2d9e7f5c4ef628e1a9941fba7
- SHA256
  
  d03d5b49976a7d150f77a892f429ed698246930ba82e538b25f7835d67b9323d
- SHA512
  
  3830c61306e797465d480e6330666575669d2e5860595c6378c270b5fcc60e0b13fc0cc51f8b95b6871f21d923c99a950027a9c7138efc28766308800a11c1d2
- SSDEEP
  
  6144:oYa6Si77eBf68RvZWDvY4dUk931r+qzmnblebHqHhfM:oY4i46GhWDTldzacHqBU
Score

10^/10

blustealer stormkitty collection stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionstealer

behavioral2

blustealerstormkittycollectionstealer

© 2018-2024

Terms | Privacy