General
-
Target
SecuriteInfo.com.IL.Trojan.MSILMamut.6339.18594.2556
-
Size
598KB
-
Sample
220814-szq87sfefn
-
MD5
310752f7cbe9fbec00f7107d1c669813
-
SHA1
0a0388a795fb88624fdeb39fe9abef09f5cf609d
-
SHA256
2d127dea1f6345c2027dbf93c109f7d7758f5bb396c9d47caa593a5039c05778
-
SHA512
7c7cbb7edd5ba152be1ff64940fa05dfab330e7c739102dadc0df1e2028e823a69b1b3c37aa463cfb7fe9e9ff0ce7218c2c48e60ecc50d36873d06b00eeb9a04
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.IL.Trojan.MSILMamut.6339.18594.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.IL.Trojan.MSILMamut.6339.18594.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Score 10/10
StormKitty payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-