Extracted

• • Target

    SecuriteInfo.com.Trojan.DownloaderNET.345.23488.23453.exe

  • Size

    156KB

  • MD5

    0de35e232c585438a87c563cb13c4ec5

  • SHA1

    e2dbb9bba04f64dde832e85d4466018fa36e1d08

  • SHA256

    d855efc2e9bd0f59beeae00942f616c34a332edf9888f5a92d0b95bce37cc25f

  • SHA512

    ed15ed4614e1421404188e0cc84a08db96812c59ad41d9a7f7cd3586b92959d048a3a71040ac1960cdf62652846e7ad2316dd9c8129d4ccd389a9088536ef92d

  • SSDEEP

    3072:YYF4uzsugBdatnJLxgzufBY3eixnD+68QaimUtzZ7mwHm:YYF4i9gBktn1IYYOEDisG

  Score

  10^/10

  blustealerstormkittycollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2