Extracted

• • Target

    boondoggling.exe

  • Size

    148KB

  • MD5

    735f44c1c75f9ad2268ec7f15b5effee

  • SHA1

    d2956ee07da679bff71f1be4364e5abdcd9bee85

  • SHA256

    bd6d1b130e5702e68f7940f58df1b1cf53b29390dfe0e4424dff567d3d2330c5

  • SHA512

    7f8e7c24f840677fbeee72aacfc482b100f52fcb0b961478ae127230fae143d9ac57ddbba30cabaf1df44d62cb8941fc1b6a03ebc57aa35316ef8a58220038c6

  • SSDEEP

    1536:LH7w/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioMZYCM99l8INLE2d7tXQQCy:LHgZTkLfhjFSiO3o6ZYC7C/dSI

  Score

  10^/10

  stormkittycollectionstealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2