Extracted

• • Target

    SecuriteInfo.com.Trojan.PackedNET.1293.1820.15114.exe

  • Size

    170KB

  • MD5

    188eeefe57b2521c175f3681117fd7a9

  • SHA1

    8f6e5271b1b0ef3a5c72553e0308882f4a0b28df

  • SHA256

    f2ca13bec0a58da06631590d73880cce7dddf5f7b145ede8b63c6727839c14f3

  • SHA512

    d843eeb728bf8fb0d919316e90844a2e2a3dcbacc17dc553f4340c0d7a71498fc74ca5cc79860ff578cf650dfdd37b3307d9c77844b96fe6475674b32e3d1327

  • SSDEEP

    3072:CQvOvQE0yIWR63PphdLrk3lcYxGdNPK39B00MrZUc/lZvPV2a5BptR65tsWHm:CQURbIWRKPpDLrk6IENCtf+ZUc/ltVRF

  Score

  10^/10

  blustealerstormkittycollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2