Extracted

• • Target

    1088-63-0x0000000000400000-0x0000000000422000-memory.dmp

  • Size

    136KB

  • MD5

    9449c8cdccedd721a0cbe09c0b6affbd

  • SHA1

    90a4f7161f0ce4509788f01f2057b889c8eae919

  • SHA256

    bcc5de39bf3bbc5331d0e00e14213563058fa242eeab71a275a68d78b6e143ab

  • SHA512

    b07836419d067fe60c290cba214e2dadc06291d4da45cdc9b669183197c983648609ae2d92776284f494168a4ddfa7e4b81a61ee73d9a8f41f1ed737e1843ece

  • SSDEEP

    1536:t/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViokHdJQwFrXjm3:JZTkLfhjFSiO3o6/FHI

  Score

  10^/10

  stormkittycollectionstealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2