General
Target: a7c43614168c7da5d38466ca791f2e44
Size: 58KB
Sample: 220906-1a114sfeem
MD5: a7c43614168c7da5d38466ca791f2e44
SHA1: ced8d893f5ce528d368a466a260b54ff1bd8ca20
SHA256: c9b20473e36462f570d4f03109ccd29161030025fdc8d13fe7a53795aee424c8
SHA512: d84901beb38aad2c341eaac539ba68a080e51489eb3770da66fd5b2e38965b2ae48221d9a5904f0b4ed511e749ed9c36a1cc158caf9ad790f780bf663a74f32b
SSDEEP: 768:b1wi8SQwtzcrjxDEo2WSl2WK+K1t0v3DkfZ+4Tb9RUg1oUBr0HRm+Ukhm0GH5RH0:5FQAzy+bK+MtkiHwyougYOm0ET92PZV
Static task: static1
Behavioral task: behavioral1
  Sample: 286368248040.xlsm
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 286368248040.xlsm
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 286368248040.xlsm
Size: 42KB
MD5: 5cdfa549f5e80c05cf53baec3ebaab42
SHA1: 5c7653c921c7414ebb0407d92bb7e84866572e9a
SHA256: 462e92b06c97f897081e9a438b5bda04bd199e32690e9a04d063d485545e3da5
SHA512: c3b964067e294b1fe738f8359a7bfc3ed5401495dd8510ec0c7a6184dc8d62802859874286da4d80f0cf7a514ac474de98e5111436eb893e328a64d3d87a8f58
SSDEEP: 768:EvjcKv+ssnbaBIJYfTH+niSpivDHvJv+nWtFFiKk/f/qt1pTxRN+nkaszH:EvLv+TbaG1B+TvJv+OFFi3/Hq31xikaQ
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro. For a macro-enabled workbook like this one, check the process tree for the Office host that opened the file spawning the dropped executable.
- StormKitty payload
  StormKitty is an open-source .NET information stealer; the behaviours below (Outlook profile access, external IP lookup) are consistent with its collection routine.
- Downloads MZ/PE file
  A file beginning with the MZ header (a Windows executable) was fetched over the network.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  Outlook profile keys in the registry hold account settings and saved credentials, a common stealer target.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  SetThreadContext on another process's thread is the usual final step of process hollowing or thread hijacking; correlate it with a process created suspended and with WriteProcessMemory into that process.
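Three of the signatures above (unexpected child process, MZ/PE download, external IP lookup) can be reproduced as simple checks over sandbox event data. The following is an added example written for this page; it is not the sandbox's own signature logic, and the Office-host list, the benign-child allowlist, the IP-lookup host list and all event records and byte strings below are constructed assumptions for illustration.

```python
"""Re-check three sandbox signatures over constructed event records.

Added example, not the sandbox's detection engine. All lists and sample data
are assumptions built inline so the script runs offline.
"""
import re
from dataclasses import dataclass

# Office hosts whose children deserve scrutiny (assumed list, not the sandbox's).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Children an Office host is expected to spawn (assumed allowlist; tune per site).
BENIGN_CHILDREN = {"splwow64.exe", "werfault.exe"}
# Public IP lookup services (assumed list; extend from your own proxy logs).
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ipinfo.io", "checkip.amazonaws.com"}


@dataclass
class ProcEvent:
    parent: str   # image name of the creating process
    child: str    # image name of the created process
    cmdline: str  # command line of the child


def unexpected_children(events):
    """Return (parent, child, cmdline) for Office hosts spawning non-allowlisted children."""
    hits = []
    for e in events:
        if e.parent.lower() in OFFICE_PARENTS and e.child.lower() not in BENIGN_CHILDREN:
            hits.append((e.parent, e.child, e.cmdline))
    return hits


def is_mz_pe(data: bytes) -> bool:
    """True if data carries a DOS 'MZ' stub and a 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")  # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def ip_lookup_requests(urls):
    """Return the hosts of any requests that go to a known IP lookup service."""
    hosts = []
    for u in urls:
        m = re.match(r"https?://([^/:]+)", u)
        if m and m.group(1).lower() in IP_LOOKUP_HOSTS:
            hosts.append(m.group(1))
    return hosts


def triage(events, blobs, urls):
    """Map the three checks onto the signature names used in the report."""
    found = set()
    if unexpected_children(events):
        found.add("Process spawned unexpected child process")
    if any(is_mz_pe(b) for b in blobs):
        found.add("Downloads MZ/PE file")
    if ip_lookup_requests(urls):
        found.add("Looks up external IP address via web service")
    return sorted(found)


# Constructed sample data (not taken from the sandbox run).
SAMPLE_EVENTS = [
    ProcEvent("EXCEL.EXE", "splwow64.exe", "splwow64.exe 12288"),
    ProcEvent("EXCEL.EXE", "update.exe", r"C:\Users\user\AppData\Local\Temp\update.exe"),
    ProcEvent("explorer.exe", "chrome.exe", "chrome.exe --profile-directory=Default"),
]
# Minimal PE-shaped buffer: MZ stub, e_lfanew = 0x40, PE signature at 0x40.
FAKE_PE = b"MZ" + b"\x00" * (0x3C - 2) + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
# An .xlsm is an OOXML zip, so it starts with the 'PK' local file header, not 'MZ'.
XLSM_HEADER = b"PK\x03\x04" + b"\x00" * 64
SAMPLE_URLS = ["https://api.ipify.org/?format=text", "https://example.invalid/pull"]

if __name__ == "__main__":
    for sig in triage(SAMPLE_EVENTS, [FAKE_PE, XLSM_HEADER], SAMPLE_URLS):
        print("HIT:", sig)
    for hit in unexpected_children(SAMPLE_EVENTS):
        print("  unexpected child:", hit)
```

The allowlist is the part that needs care in production: an empty allowlist turns every print job (splwow64.exe) into an alert, while an over-broad one hides exactly the cmd.exe, powershell.exe or %TEMP% executable a macro launches.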