blustealer | ba6268a4198e952cbf7f0cd2af1151207dd0271331069176394539011db32354 | Triage

Submit
Reports

Overview

overview

Static

static

1

hesapharek...pdf.js

windows7-x64

hesapharek...pdf.js

windows10-2004-x64

Sharing

General

Target

hesaphareketi-01.pdf.js
Size

410KB
Sample

230809-v9fassea38
MD5

bcb9093850861749082e61b189227937
SHA1

0af77c3cd52b18828eb1a77867ce05e05d5bc31b
SHA256

ba6268a4198e952cbf7f0cd2af1151207dd0271331069176394539011db32354
SHA512

ce52bdd09673a56d968f14ca5c25ffa7040c143045f582f00630720bfa3f29b24f45145c6374cd051052411846cc14cb6c2d6bce0715dbf9b0153ebbef4e91db
SSDEEP

6144:8Fo+/qDQ5e3ID89uFO1U0PZbXWDtZTuAMmoqME+NYloH:vh8uID8O0xbyZTxZOYQ

Score

10^/10

blustealer stormkitty stealer

Static task

static1

Behavioral task

behavioral1

Sample

hesaphareketi-01.pdf.js

Resource

win7-20230712-en

blustealer stormkitty stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

hesaphareketi-01.pdf.js

Resource

win10v2004-20230703-en

blustealer stormkitty stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5374342837:AAHF-c1HAIvNCdF89VuEdNggsL2YBlpgkSE/sendMessage?chat_id=2133303215

Targets

- Target
  
  hesaphareketi-01.pdf.js
- Size
  
  410KB
- MD5
  
  bcb9093850861749082e61b189227937
- SHA1
  
  0af77c3cd52b18828eb1a77867ce05e05d5bc31b
- SHA256
  
  ba6268a4198e952cbf7f0cd2af1151207dd0271331069176394539011db32354
- SHA512
  
  ce52bdd09673a56d968f14ca5c25ffa7040c143045f582f00630720bfa3f29b24f45145c6374cd051052411846cc14cb6c2d6bce0715dbf9b0153ebbef4e91db
- SSDEEP
  
  6144:8Fo+/qDQ5e3ID89uFO1U0PZbXWDtZTuAMmoqME+NYloH:vh8uID8O0xbyZTxZOYQ
Score

10^/10

blustealer stormkitty stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittystealer

behavioral2

blustealerstormkittystealer

© 2018-2024

Terms | Privacy