General

Target: b0cda6b337ec6eb6b4cf853e278fd6cd8bff9bf1cc6291cbdafef3f901af893b
Size: 7KB
Sample: 220905-qcrv4scbb3
MD5: 3e289cd67b5a4afaa3f1e63d6e895dca
SHA1: de4c2cc67f1144d4b161c93c2780312be01d93b7
SHA256: b0cda6b337ec6eb6b4cf853e278fd6cd8bff9bf1cc6291cbdafef3f901af893b
SHA512: cadd382ab3b596b0ffc1abc2ebd9cce5c359df3add81c2cc1209aa7794bfc78fea56c0cbe0da38f5c6a69edee05ec962d820a9b29a1973a01fa3163f6813e7e8
SSDEEP: 96:Dc0/EaWpJR+RND5BAh0lfRCpRNjZUnxRBqAxzNt:D1EaWV+RNjM0lkTlUxRBhT
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: b0cda6b337ec6eb6b4cf853e278fd6cd8bff9bf1cc6291cbdafef3f901af893b.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: b0cda6b337ec6eb6b4cf853e278fd6cd8bff9bf1cc6291cbdafef3f901af893b
Score: 10/10

Detections and behaviors:
- StormKitty payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext