Extracted

• • Target

    SecuriteInfo.com.Trojan.PackedNET.738.23341.25620.exe

  • Size

    720KB

  • MD5

    0a8a8bb51b44f7f6ccd46e5d1eb1d18a

  • SHA1

    344087770607b1d798119e7ca80a791ccc78e8d7

  • SHA256

    e7ad0d4818864258099fb12565bf8c2ae0133e8aca18479535a8641af5a54650

  • SHA512

    fd177bafd084f79335e2a39d52792d63d663726a1cf7e6f3870d23880470fc98fa0dc4fb6f13729813ae849d342a6ccb3bd6eacf725b8cb7d0de76a8da7c1993

  • SSDEEP

    6144:8MTl4yBAYL3m8YIuu55dZro8g4RhNr2QospDh9uNwIzOvvWVxCjZyk67Wvfih0mi:8MHPLW8z75za8ZRjrVxvut+vrdyz7

  Score

  10^/10

  blustealerstormkittycollectionstealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2