Overview

overview

10

Static

static

1

SOLICITU.exe

windows7-x64

10

SOLICITU.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SOLICITUD DE PRESUPUESTO-21-04-23.ISO.iso

  • Size

    1.2MB

  • Sample

    230421-njt8psfc54

  • MD5

    ef2804658e8b5ef5b700d72a36b667cc

  • SHA1

    e085db0ae7425a55d92ad7d11fd065ff3a48f86f

  • SHA256

    35cd45fe0886a34247586537bf5b1aed29f5a8e40cb7055f715e052e9084543a

  • SHA512

    53e9417f1a09f9782fd2ab447ebd7529358fb0a0ebdb92a4966e05e6c71e66eee9dc3ee3a686fa980395a7eb5e55716f9010995d9ece115fb373f0c94a419775

  • SSDEEP

    3072:BnI8rM4omSUr7Boj2PjY5Yo22cEuXTWcv2yMEmzQxcfxvXX4:BUunrHPym2STW0irn4

Score
10/10
blustealerstormkittycollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5627356603:AAG-Mx0TbSHRRW6IwndrpX3VLZdhd6C-Zac/sendMessage?chat_id=5472437377

Targets

    • Target

      SOLICITU.EXE

    • Size

      176KB

    • MD5

      6bbfbd022b3599e8e6d8876c4566073b

    • SHA1

      b56a563f0deba1891f32866bf9385f91b3589bc0

    • SHA256

      3f6604df64307223a9a72e68f28c14d3cbf5af90549667839622b8e3490fbe8b

    • SHA512

      55e842618c3a9989c22fcbeff61c149f2e16e524ab23f7a28903b852ddbbe40defa9ab7931c06865c0bfd287a8a38b41032dcc62bd3aa144b6d84838b71a9ef7

    • SSDEEP

      3072:6nI8rM4omSUr7Boj2PjY5Yo22cEuXTWcv2yMEmzQxcfxvXX4:6UunrHPym2STW0irn4

    Score
    10/10
    blustealerstormkittycollectionspywarestealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks