Extracted

• • Target

    hesaphareketi-01.pdf.exe

  • Size

    933KB

  • MD5

    6a81e1ecfdd0d555504d0718cf22e557

  • SHA1

    73ed263a3f8de8aa99590dd240105b3f6b737150

  • SHA256

    e57050b46da3903b314d721bfb34e69ad18b8906d29b0193dd155981e5f37807

  • SHA512

    2660c2625e9d435cc8afbf57ba1197a02968ef046342877a62a42bcece7ebde8b40748371c0019b43c4f17a669ad614992be5ce4bf5283aba752fd59973b86f1

  • SSDEEP

    12288:Km2iNhdGxvM/Ht1+uRo3MRU/1gKv6BdDaLFgha6lBFbJXlG:91xG+HtcuRLig06TCFgNvFtXlG

  Score

  10^/10

  blustealerstormkittycollectionstealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2