Extracted

• • Target

    01c931d8ce67e3ac95f9f78ac811ec0dfcc59b068d13341c77bd6a677cd35a0a.exe

  • Size

    21KB

  • MD5

    4faf6ca4dae38767007b38e7c300d4f2

  • SHA1

    fa8cb35eba4d4e9719dddb30ddd3e00ebdccf69c

  • SHA256

    01c931d8ce67e3ac95f9f78ac811ec0dfcc59b068d13341c77bd6a677cd35a0a

  • SHA512

    a971813d7d37286a8416cbd37c10c1b85dfb0fd1864a58994455facfa916b274fa1ed59f7692fab721b740ef133c691065503f66623f95f2f162774f30872206

  • SSDEEP

    384:tBcgMSILxEUaNePqRpimmtIEQ6p5TKn8Svod2JzFlXYmnZzjcm:7hMFLxOzRphL6ju8SvoYym/

  Score

  10^/10

  blustealerstormkittycollectionstealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2