General
-
Target
swift.exe
-
Size
748KB
-
Sample
220829-g8sb3schgr
-
MD5
540985315d9b263a1dea5285e2b00782
-
SHA1
f8765bbbdce220e3090cdac3a2e915a73b8d4393
-
SHA256
629d37e0a390d5e32a6896c94cf2751e773a3031302f95ceac300af47b6a3f44
-
SHA512
d8c9cbe2c81027da34c8892965dc8b4d30f00da23c845ce835d35c4c746e26e6910fad497b64cda77f53145c518e589104578989bab88a609e8fd15cbb26e5c8
-
SSDEEP
12288:n+ZV2iNanwHSHe+IYPMutQuPh2bhMuLD9F6hQLRhpn6QgrAvR+Jy5dxuc5fvN6zI:ng18naPYhe2uX99X6Q1vkcv3czWsDc
Malware Config
Targets
-
-
Target
swift.exe
-
Size
748KB
-
MD5
540985315d9b263a1dea5285e2b00782
-
SHA1
f8765bbbdce220e3090cdac3a2e915a73b8d4393
-
SHA256
629d37e0a390d5e32a6896c94cf2751e773a3031302f95ceac300af47b6a3f44
-
SHA512
d8c9cbe2c81027da34c8892965dc8b4d30f00da23c845ce835d35c4c746e26e6910fad497b64cda77f53145c518e589104578989bab88a609e8fd15cbb26e5c8
-
SSDEEP
12288:n+ZV2iNanwHSHe+IYPMutQuPh2bhMuLD9F6hQLRhpn6QgrAvR+Jy5dxuc5fvN6zI:ng18naPYhe2uX99X6Q1vkcv3czWsDc
Score10/10-
BluStealer
A Modular information stealer written in Visual Basic.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-