General
-
Target
5d81fbfb555468e8dbcaf4eb11db5eb50a0bef70df7e8322a84fac5d6cb88977.zip
-
Size
61KB
-
Sample
230321-qp3hdace8x
-
MD5
b59790f0e67e5e5cbeecfda5ac6810e0
-
SHA1
369f6b152741c7cd8ab3dfa0abd5b4a0f9a64919
-
SHA256
b45c44d30a6e1e3dbb3dead620f922f879742cad47e1b9176a78e767c9956d70
-
SHA512
a7939d955bf8001c755171c87ed83c4c1b06c5ce709c4dc3b4508716080d7ff99290ce9732090b3a75c2901cb9fdc1e0da513e3872150b392b5b2a71b7f3741a
-
SSDEEP
1536:30Gb1F3wwPWaXWZnWMtjHmHsW0sDY0aQFtYZ5:tb1CwPDOWMtLWpE0aSy
Malware Config
Extracted
blustealer
https://api.telegram.org/bot5369570306:AAGakouymXOc8dp0WUuP_KaS81h9taRj_pk/sendMessage?chat_id=1884866272
Targets
-
-
Target
5d81fbfb555468e8dbcaf4eb11db5eb50a0bef70df7e8322a84fac5d6cb88977.exe
-
Size
125KB
-
MD5
88eeeb298fabd21ef29c0b89d7aee4f9
-
SHA1
6ceb6efa6b16293c8ab278d9f4276ad9af1ca653
-
SHA256
5d81fbfb555468e8dbcaf4eb11db5eb50a0bef70df7e8322a84fac5d6cb88977
-
SHA512
0ac2637718ca22b7ee102360fd324761b24e13c991615f93c7f6f8ede72474a372f3f664fac5bd72d04d4977c388d401c3bcaf6d78e655e31eba2b6a4b4b1547
-
SSDEEP
1536:A/w/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioZkcOqJ40eZgYAv:A0ZTkLfhjFSiO3o3kcqZZG
Score10/10-
BluStealer
A Modular information stealer written in Visual Basic.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-