blustealer | f4ad7b13417d362b3b2d2fbc085f85065da00f486a97a66643badb5d3a2d74ea | Triage

Submit
Reports

Overview

overview

Static

static

1

ba6268a419...354.js

windows7-x64

ba6268a419...354.js

windows10-2004-x64

Sharing

General

Target

bcb9093850861749082e61b189227937.bin
Size

242KB
Sample

230811-cgybssab24
MD5

2d89c6cc0b32857cd4d2efbf34956879
SHA1

b7d8331c1283340a72157f68d4d54eff754a343f
SHA256

f4ad7b13417d362b3b2d2fbc085f85065da00f486a97a66643badb5d3a2d74ea
SHA512

10095e26cf4f956e498ade34c44cc4d625849d6e976be9d6ecd459a9a20f1875e874f1b063b7716707687e413af7948c681505046d2f66a5d51499892b54a05a
SSDEEP

6144:6HZ2O6udfAx9sSTDsSS8F+SjtjHxJpC5NYDu4+TOA+S:6HEafAxDTlF+SBjHY5mDu4+T11

Score

10^/10

blustealer stormkitty stealer

Static task

static1

Behavioral task

behavioral1

Sample

ba6268a4198e952cbf7f0cd2af1151207dd0271331069176394539011db32354.js

Resource

win7-20230712-en

blustealer stormkitty stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ba6268a4198e952cbf7f0cd2af1151207dd0271331069176394539011db32354.js

Resource

win10v2004-20230703-en

blustealer stormkitty stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5374342837:AAHF-c1HAIvNCdF89VuEdNggsL2YBlpgkSE/sendMessage?chat_id=2133303215

Targets

- Target
  
  ba6268a4198e952cbf7f0cd2af1151207dd0271331069176394539011db32354.js
- Size
  
  410KB
- MD5
  
  bcb9093850861749082e61b189227937
- SHA1
  
  0af77c3cd52b18828eb1a77867ce05e05d5bc31b
- SHA256
  
  ba6268a4198e952cbf7f0cd2af1151207dd0271331069176394539011db32354
- SHA512
  
  ce52bdd09673a56d968f14ca5c25ffa7040c143045f582f00630720bfa3f29b24f45145c6374cd051052411846cc14cb6c2d6bce0715dbf9b0153ebbef4e91db
- SSDEEP
  
  6144:8Fo+/qDQ5e3ID89uFO1U0PZbXWDtZTuAMmoqME+NYloH:vh8uID8O0xbyZTxZOYQ
Score

10^/10

blustealer stormkitty stealer
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blustealerstormkittystealer

behavioral2

blustealerstormkittystealer

© 2018-2024

Terms | Privacy