General
-
Target
New Order.exe
-
Size
847KB
-
Sample
220813-vah8eaeeh8
-
MD5
c606b79a4bc00248caf9a9c34c27967c
-
SHA1
e6023105be92a970a854a3a935786dac7eb24bb4
-
SHA256
4649b0df03857384398c1b95c2e26768ed8a6198499a39d3efdb8d696ede4176
-
SHA512
3849116a967cbd303e138b3e384e433c53cd2779bde4538975c51bd4d8f8fa4b0414dbce17d41d28a1cb23f537ebad6ab60168a3a16349bb8844a48c8c860a72
Malware Config
Targets
-
-
Target
New Order.exe
-
Size
847KB
-
MD5
c606b79a4bc00248caf9a9c34c27967c
-
SHA1
e6023105be92a970a854a3a935786dac7eb24bb4
-
SHA256
4649b0df03857384398c1b95c2e26768ed8a6198499a39d3efdb8d696ede4176
-
SHA512
3849116a967cbd303e138b3e384e433c53cd2779bde4538975c51bd4d8f8fa4b0414dbce17d41d28a1cb23f537ebad6ab60168a3a16349bb8844a48c8c860a72
Score10/10-
BluStealer
A Modular information stealer written in Visual Basic.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-