blustealer | 3f6604df64307223a9a72e68f28c14d3cbf5af90549667839622b8e3490fbe8b | Triage

Submit
Reports

Overview

overview

Static

static

1

SOLICITUD ...23.exe

windows7-x64

SOLICITUD ...23.exe

windows10-2004-x64

Sharing

General

Target

SOLICITUD DE PRESUPUESTO-21-04-23.exe
Size

176KB
Sample

230421-llgpaafa24
MD5

6bbfbd022b3599e8e6d8876c4566073b
SHA1

b56a563f0deba1891f32866bf9385f91b3589bc0
SHA256

3f6604df64307223a9a72e68f28c14d3cbf5af90549667839622b8e3490fbe8b
SHA512

55e842618c3a9989c22fcbeff61c149f2e16e524ab23f7a28903b852ddbbe40defa9ab7931c06865c0bfd287a8a38b41032dcc62bd3aa144b6d84838b71a9ef7
SSDEEP

3072:6nI8rM4omSUr7Boj2PjY5Yo22cEuXTWcv2yMEmzQxcfxvXX4:6UunrHPym2STW0irn4

Score

10^/10

blustealer stormkitty collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

SOLICITUD DE PRESUPUESTO-21-04-23.exe

Resource

win7-20230220-en

blustealer stormkitty collection spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

SOLICITUD DE PRESUPUESTO-21-04-23.exe

Resource

win10v2004-20230220-en

blustealer stormkitty collection spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377

Targets

- Target
  
  SOLICITUD DE PRESUPUESTO-21-04-23.exe
- Size
  
  176KB
- MD5
  
  6bbfbd022b3599e8e6d8876c4566073b
- SHA1
  
  b56a563f0deba1891f32866bf9385f91b3589bc0
- SHA256
  
  3f6604df64307223a9a72e68f28c14d3cbf5af90549667839622b8e3490fbe8b
- SHA512
  
  55e842618c3a9989c22fcbeff61c149f2e16e524ab23f7a28903b852ddbbe40defa9ab7931c06865c0bfd287a8a38b41032dcc62bd3aa144b6d84838b71a9ef7
- SSDEEP
  
  3072:6nI8rM4omSUr7Boj2PjY5Yo22cEuXTWcv2yMEmzQxcfxvXX4:6UunrHPym2STW0irn4
Score

10^/10

blustealer stormkitty collection spyware stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittycollectionspywarestealer

behavioral2

blustealerstormkittycollectionspywarestealer

© 2018-2024

Terms | Privacy