General
-
Target
d617cfaf2f5cfcb5c50ecc28d0d02582.exe
-
Size
406KB
-
Sample
220817-qnjnwabaf8
-
MD5
d617cfaf2f5cfcb5c50ecc28d0d02582
-
SHA1
63a2d370a2c0ef547cc7a78e220e0d9021e2b4a1
-
SHA256
4a4d5455c9e941082c8c08a96102afc9d33abc40985bfcc00b6bee8c098066fd
-
SHA512
857a130effc4aca8d5cebaaa78eace06242e7f96332553f5676f4670fdfdab45eed3306475d8e3a9ad7facf4e3b5cceac9aeb7e25c394a82324499e0b78fe8f0
-
SSDEEP
6144:UvEN2U+T6i5LirrllHy4HUcMQY6EDdreIfh:GENN+T5xYrllrU7QY6Irh
Malware Config
Targets
-
-
Target
d617cfaf2f5cfcb5c50ecc28d0d02582.exe
-
Size
406KB
-
MD5
d617cfaf2f5cfcb5c50ecc28d0d02582
-
SHA1
63a2d370a2c0ef547cc7a78e220e0d9021e2b4a1
-
SHA256
4a4d5455c9e941082c8c08a96102afc9d33abc40985bfcc00b6bee8c098066fd
-
SHA512
857a130effc4aca8d5cebaaa78eace06242e7f96332553f5676f4670fdfdab45eed3306475d8e3a9ad7facf4e3b5cceac9aeb7e25c394a82324499e0b78fe8f0
-
SSDEEP
6144:UvEN2U+T6i5LirrllHy4HUcMQY6EDdreIfh:GENN+T5xYrllrU7QY6Irh
Score10/10-
BluStealer
A Modular information stealer written in Visual Basic.
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-