General
Target: SWIFT - IMG 20220905 20001 -00101.PDF.exe
Size: 850KB
Sample: 220905-spkzfabadk
MD5: ba0a3767d9f4b6f473ea3b12869d6314
SHA1: dbfe70f2daa387156e5e16d64147301d1d2b6906
SHA256: 0222699a1f6b466c2f55cd2641ee2c9d4a67f31555a5b6e3abf47753b060eb87
SHA512: b45915d021d30cb03a456e5854c9ce0e62056c61f0ccfd9addf5e9d8c23af49635f957a006ffef40b99bdc5c04d1234cc516e047a246491f6601c2f0ba6fea70
SSDEEP: 12288:RzQZimyXqWjsZ5uEd2iNB/BsKS19gpje+cdGTCY4hZb/wokI3ZYKI+X4t0QnNITb:e0X/W5X15dScpK+D8bYWZd5m0Qna
Static task: static1
Behavioral task: behavioral1
Sample: SWIFT - IMG 20220905 20001 -00101.PDF.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: SWIFT - IMG 20220905 20001 -00101.PDF.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: SWIFT - IMG 20220905 20001 -00101.PDF.exe
Score: 10/10
StormKitty payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext