Overview

overview

10

Static

static

10

BlitzedGra...12.exe

windows7-x64

10

BlitzedGra...12.exe

windows10-2004-x64

10

BlitzedGra...xe.xml

windows7-x64

3

BlitzedGra...xe.xml

windows10-2004-x64

1

BlitzedGra...OR.dll

windows7-x64

1

BlitzedGra...OR.dll

windows10-2004-x64

1

BlitzedGra...to.dll

windows7-x64

1

BlitzedGra...to.dll

windows10-2004-x64

1

BlitzedGra...on.dll

windows7-x64

1

BlitzedGra...on.dll

windows10-2004-x64

1

BlitzedGra...le.exe

windows7-x64

3

BlitzedGra...le.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BlitzedGrabberV12-main.zip

  • Size

    2.6MB

  • Sample

    240921-r127esxfrj

  • MD5

    1c3a59773a10eabba9d740e795ad50f1

  • SHA1

    dcde9cb05a58366c7beff1f6f61b3a965ce22c59

  • SHA256

    43ee56d9325525f211d0b7176e842d8feec0b6a64a7c0ac1bcbc5ed246f53251

  • SHA512

    f962642df418c171694a2aa2f3974764ba224ec1056eb6144ce83c05ce4aebdfdc65dd29fcff09d02b6cc8f528bced95ee43fc269e5aac68fe266dcab7adce47

  • SSDEEP

    49152:E+Iu5E9bijaLoadDJ988Kssx0T+Sk6BU7HIFU7G98gQCT1o9IPzq:E+t5EhijaJdT85x0T+SrpeG9WIDu

Score
10/10
stormkittycredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      BlitzedGrabberV12-main/BlitzedGrabberV12.exe

    • Size

      1.3MB

    • MD5

      50ab1ba628233eacd9df1f88b691e32f

    • SHA1

      a57c3265a98c1ab252b5311da8c176cad99c71fb

    • SHA256

      cffee64da9161e6771e6e40552c378586beed6cf8c8729e21a193cbef9227f41

    • SHA512

      f3ef38967f116b7d8dbc29ce30b44dba9a0f74f72eddcdb8c3e957432a50e40069565a6d5a2e25f0e5502f81a96f84ddc36f53154247c6638c1f10ee0eb956bd

    • SSDEEP

      24576:uSONXaV9x4IUgs36BUI2So5+jnzFoCaGApu8SO00rI:u70T+Sk6BU7HIFo7G98SOFE

    Score
    10/10
    stormkittycredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      BlitzedGrabberV12-main/BlitzedGrabberV12.exe.config

    • Size

      319B

    • MD5

      a92db228102d690d07828f71a4171b70

    • SHA1

      e7ff5e84a7932456df217e4775ad2c4b54f95521

    • SHA256

      d4ff8811d9ca86df9fdc62cc0d5395947683456997a0599dedd3606f9eda3d44

    • SHA512

      0018e4c3d88a74a35682a5c46bff4bd8887d717fad464adfc31eaf8e69859b4406b1488e2e483b41c72195b00580e9b0b6b1eb3495004542ff728b54a64e7472

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      BlitzedGrabberV12-main/resources/APIFOR.DLL

    • Size

      13KB

    • MD5

      91b4d211faddb0ebc64fb000d75d96c1

    • SHA1

      ba496c122f8e562ff0a4fb272a68f0b9e7bf0a3c

    • SHA256

      e47ab6fb21bd8943f63d79387533abac0c2bd98245546df44c4f333d8013c4de

    • SHA512

      3f16b0b4618d446d0e42ed2063c611b4ffa72a5b0ff438df5286a216167881737e65d494aa12186e511690eaca2f51c00889c9eae5ab6392c1edf885e5592919

    • SSDEEP

      192:NVjzYtxJYPX7OdfdnHpZt8kit/2Y3ciPYEC3qHa:NVgbkXK5NHpZikit/NYE4qHa

    Score
    1/10
    behavioral5behavioral6

    • Target

      BlitzedGrabberV12-main/resources/BouncyCastle.Crypto.dll

    • Size

      2.5MB

    • MD5

      3551343fab213740bbb022e3a6dcf27b

    • SHA1

      de67fb4f9d58db4a860a703c8d1f54ff00ff9b1f

    • SHA256

      5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6

    • SHA512

      e90f51053e1d4b0ea1f7458229de92174abf0781c766290da4de5cc8dfcfb730998252bf28b36ca5070978fdcea8b97f0aea6a47b875dd34173643ac0cb46c42

    • SSDEEP

      49152:3CTzhVM0AU5d3UOhq8hmReOUJfd5T3D+VTQlgQeCKbu9kQLO0:GwU5d3vhzhmoOmfd5rqX0

    Score
    1/10
    behavioral7behavioral8

    • Target

      BlitzedGrabberV12-main/resources/Newtonsoft.Json.dll

    • Size

      492KB

    • MD5

      5e02ddaf3b02e43e532fc6a52b04d14b

    • SHA1

      67f0bd5cfa3824860626b6b3fff37dc89e305cec

    • SHA256

      78bedd9fce877a71a8d8ff9a813662d8248361e46705c4ef7afc61d440ff2eeb

    • SHA512

      38720cacbb169dfc448deef86af973eafefa19eaeb48c55c58091c9d6a8b12a1f90148c287faaaa01326ec47143969ad1b54ee2b81018e1de0b83350dc418d1c

    • SSDEEP

      12288:axrplPT3qwNBC3wl1zVh0Yg0pJy/qleTpfZLQ0so/VHjh:a1plPGwNBC3UOwVeLQ0so/VH

    Score
    1/10
    behavioral10behavioral9

    • Target

      BlitzedGrabberV12-main/resources/UltraEmbeddable.exe

    • Size

      465KB

    • MD5

      b6b77d0798d39d7fadd69784c4e47c30

    • SHA1

      967af699bd9e0f2f20b0743323e5cdd6c3767ea2

    • SHA256

      e5c9880090d757207a5cd373f5e1d20c42d7486c742b3a30a2ee741a7aef5ef8

    • SHA512

      5140dcebbeb53c8e74364de824d78d6c5fddcfa08f0ac38ff0d898e71bf4f8630f3b529571a7f64be00981e83af7f85a9b6665aedfaf7f0720995fae8a8e28d6

    • SSDEEP

      12288:MXUNgkAIMflOWTUpGY5ObqRKd6G2nHVxxd/2KO:QUNdJMNOWTUQveYd6fHnxsKO

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks