General
-
Target
doc20220901 0200222 -0222.PDF.exe
-
Size
23KB
-
Sample
220901-jmjh6aachn
-
MD5
9ff132c364661e1139e8064c536ca67e
-
SHA1
e5c18362018b99ae688bdecd77c333c3088673a6
-
SHA256
c68294e867c285f5ec14441b9af0ac662a3b71822ee9432d82e6dd07e41778a7
-
SHA512
7629d709e8d871b43bfa8bd6bba36fcc09ca01658ffc23e04acec067c20c93615d9e4da43a0cced044e0e5d78d05615627176bdd60efb1d259ccb184ec71a03f
-
SSDEEP
384:hDBL3eKUFxi7RRLRIILxEUaNePqRpimmtIEQ675TKn8Svod2JzFlXYmnZzjcNrb1:hDBLaxi7RRNvLxOzRphL6lu8SvoYym0l
Malware Config
Targets
-
-
Target
doc20220901 0200222 -0222.PDF.exe
-
Size
23KB
-
MD5
9ff132c364661e1139e8064c536ca67e
-
SHA1
e5c18362018b99ae688bdecd77c333c3088673a6
-
SHA256
c68294e867c285f5ec14441b9af0ac662a3b71822ee9432d82e6dd07e41778a7
-
SHA512
7629d709e8d871b43bfa8bd6bba36fcc09ca01658ffc23e04acec067c20c93615d9e4da43a0cced044e0e5d78d05615627176bdd60efb1d259ccb184ec71a03f
-
SSDEEP
384:hDBL3eKUFxi7RRLRIILxEUaNePqRpimmtIEQ675TKn8Svod2JzFlXYmnZzjcNrb1:hDBLaxi7RRNvLxOzRphL6lu8SvoYym0l
Score10/10-
BluStealer
A Modular information stealer written in Visual Basic.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-