General

  • Target

    1180-58-0x0000000000400000-0x0000000000421000-memory.dmp

  • Size

    132KB

  • Sample

    230502-np7qzsah29

  • MD5

    d0638bef0497793e70152a8a331e507d

  • SHA1

    8c85b331ae199dc779ab0ee67dfa4573088a24b0

  • SHA256

    32a4fdff92977f44145ef9a521d6eccdf1eb01ba3db83314fc97cc61fe90d0fd

  • SHA512

    b91cb5a14fe2a0dbcef8fc4254dc4eb2f4e3c7364e840c105280a75548d83683e420073ca5958e71743a8a76ac14cb0f0a8f2cc52e9176daf40e457465477c5d

  • SSDEEP

    1536:b/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioi6VUcUU1jx9c:rZTkLfhjFSiO3ocKMU1jj

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot6055609563:AAEfBlANuysNS3Feagncr0tioVRR2TOueCY/sendMessage?chat_id=6188873948

    The C2 is the Telegram Bot API. The bot<id>:<token> path segment is the bot's credential and chat_id is the destination chat, so both values are pivots for clustering related samples. Blocking api.telegram.org is rarely practical where Telegram is legitimately used; hunt instead on the /bot<digits>:<token>/send* URL path in proxy or TLS-inspection logs.

Targets

    • Target

      1180-58-0x0000000000400000-0x0000000000421000-memory.dmp

    • StormKitty

      StormKitty is an open source info stealer written in C#. Open-source stealer code of this kind is routinely embedded in other .NET stealers, so a StormKitty code signature and a blustealer configuration extracted from the same dump are not a conflicting verdict; the extracted config is the more specific of the two.

    • StormKitty payload

      Code matching the StormKitty stealer was identified in the dumped memory region.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data from the current user's registry hive, where saved mail account settings and credentials are stored; a standard credential-theft step.

    • Looks up external IP address via web service

      Queries a legitimate public IP lookup service for the infected system's external IP address. The request itself is benign and common to many stealers, so it is corroborating evidence only when seen with the other indicators in this list.

    • Suspicious use of SetThreadContext

      Redirecting a thread's execution with SetThreadContext is the classic process-hollowing / thread-hijacking injection step. It fits a payload that exists only as an unpacked region in memory: the analysed artefact is the 0x400000-0x421000 memory dump, not a file on disk.
