blustealer | 5afb4e6a861525cd433a70e5249c5a85573b4282f1b292e175f4737ba13eff56 | Triage

Submit
Reports

Overview

overview

Static

static

1

5afb4e6a86...56.exe

windows7-x64

5afb4e6a86...56.exe

windows10-2004-x64

Sharing

General

Target

5afb4e6a861525cd433a70e5249c5a85573b4282f1b292e175f4737ba13eff56.exe
Size

205KB
Sample

230808-qcmamaec5s
MD5

31503bd1455f4dc0288263ecbc7af2d4
SHA1

ac35a7aa76f1b8c9be148f2a835adb12295125ce
SHA256

5afb4e6a861525cd433a70e5249c5a85573b4282f1b292e175f4737ba13eff56
SHA512

0dc1124cf9b6189e43a4cddd9045e2f13845e6d935fd72faee52331fc070c0a979a66657df0332c91850e620bdf368bab0d33561fc6051055b1597ad2a7e0f5a
SSDEEP

3072:ayEdA7fMpvQVOl3uutPT8ahmHwbQ6rLr4UEW4FP1y86vLabNCdRQav3Iyc2Ab8Fs:a23UTLhmQs6rlEWApqLaUdRrPAbin4

Score

10^/10

blustealer stormkitty stealer

Static task

static1

Behavioral task

behavioral1

Sample

5afb4e6a861525cd433a70e5249c5a85573b4282f1b292e175f4737ba13eff56.exe

Resource

win7-20230712-en

blustealer stormkitty stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5afb4e6a861525cd433a70e5249c5a85573b4282f1b292e175f4737ba13eff56.exe

Resource

win10v2004-20230703-en

blustealer stormkitty stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot6055609563:AAEfBlANuysNS3Feagncr0tioVRR2TOueCY/sendMessage?chat_id=6188873948

Targets

- Target
  
  5afb4e6a861525cd433a70e5249c5a85573b4282f1b292e175f4737ba13eff56.exe
- Size
  
  205KB
- MD5
  
  31503bd1455f4dc0288263ecbc7af2d4
- SHA1
  
  ac35a7aa76f1b8c9be148f2a835adb12295125ce
- SHA256
  
  5afb4e6a861525cd433a70e5249c5a85573b4282f1b292e175f4737ba13eff56
- SHA512
  
  0dc1124cf9b6189e43a4cddd9045e2f13845e6d935fd72faee52331fc070c0a979a66657df0332c91850e620bdf368bab0d33561fc6051055b1597ad2a7e0f5a
- SSDEEP
  
  3072:ayEdA7fMpvQVOl3uutPT8ahmHwbQ6rLr4UEW4FP1y86vLabNCdRQav3Iyc2Ab8Fs:a23UTLhmQs6rlEWApqLaUdRrPAbin4
Score

10^/10

blustealer stormkitty stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

blustealerstormkittystealer

behavioral2

blustealerstormkittystealer

© 2018-2024

Terms | Privacy