Overview

overview

10

Static

static

SecuriteIn...19.exe

windows7-x64

10

SecuriteIn...19.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.21119.exe

  • Size

    1.0MB

  • Sample

    220906-lnrl9sgacn

  • MD5

    be87af43c49cccb661e14ffdbcd7009c

  • SHA1

    d586ed55ac6135f2cd369a5ff904f0b55eb3bcf3

  • SHA256

    c770ddf80ec05a624d91aa9635b20dc5978a057847e1750135dc418e18ac24b6

  • SHA512

    b8105901d77c95d7f3770dc8a0181242d4bb434e6627368b7ef676ee5edbf5e290dc2832d04635487eb5a996e44023dad5bdd57978705aad686c9d4ce8432b16

  • SSDEEP

    12288:gfb41hw4e/ehLrz20Ww07Y62PGyDQc1tjpqIjB0yVKSIP2iEMJCbV21hw4e/:SL4LJln070Rke9ukFAvENbVx4

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.21119.exe

    • Size

      1.0MB

    • MD5

      be87af43c49cccb661e14ffdbcd7009c

    • SHA1

      d586ed55ac6135f2cd369a5ff904f0b55eb3bcf3

    • SHA256

      c770ddf80ec05a624d91aa9635b20dc5978a057847e1750135dc418e18ac24b6

    • SHA512

      b8105901d77c95d7f3770dc8a0181242d4bb434e6627368b7ef676ee5edbf5e290dc2832d04635487eb5a996e44023dad5bdd57978705aad686c9d4ce8432b16

    • SSDEEP

      12288:gfb41hw4e/ehLrz20Ww07Y62PGyDQc1tjpqIjB0yVKSIP2iEMJCbV21hw4e/:SL4LJln070Rke9ukFAvENbVx4

    Score
    10/10
    blustealerstormkittycollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks