General
-
Target
SecuriteInfo.com.Trojan.GenericKD.61840930.17377.7620.exe
-
Size
161KB
-
Sample
220908-m3d56aedc9
-
MD5
15c9f1c169e3c865751bfd982558764f
-
SHA1
2da54d454e1465d475308604fc1fdd1e05f47a86
-
SHA256
cfcd7de22c049bdefa98959de3072b2bfc12e280193d43e4749a84e48ba665b6
-
SHA512
319096edbf164999491ee4d533d5e3a6d62a43695752d1265bf20bffef64ea6da64d1ff6cce87711ce9b86046132087c2daba72802b8326e8fca2a6a6bad4d24
-
SSDEEP
3072:xPJAN1NYJJZxyRkIMZ+K9pnF7Nw03lmNn64YCwPYaTCHGRm02ZJdaHodiVyx9HMc:x41NYjzaMZ+ApnVNVQNn64YFYaT7DodH
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.GenericKD.61840930.17377.7620.exe
-
Size
161KB
-
MD5
15c9f1c169e3c865751bfd982558764f
-
SHA1
2da54d454e1465d475308604fc1fdd1e05f47a86
-
SHA256
cfcd7de22c049bdefa98959de3072b2bfc12e280193d43e4749a84e48ba665b6
-
SHA512
319096edbf164999491ee4d533d5e3a6d62a43695752d1265bf20bffef64ea6da64d1ff6cce87711ce9b86046132087c2daba72802b8326e8fca2a6a6bad4d24
-
SSDEEP
3072:xPJAN1NYJJZxyRkIMZ+K9pnF7Nw03lmNn64YCwPYaTCHGRm02ZJdaHodiVyx9HMc:x41NYjzaMZ+ApnVNVQNn64YFYaT7DodH
Score10/10-
BluStealer
A Modular information stealer written in Visual Basic.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-