Extracted

• • Target

    SecuriteInfo.com.Trojan.MSIL.Basic.5.Gen.21167.21247.exe

  • Size

    777KB

  • MD5

    ce4b52b35918a6aaae436aa29b5c9c0f

  • SHA1

    fe4a06c24070a66782678c487db865fde69dc391

  • SHA256

    3a0d8ce7111fd0d66caa1d06cb554a6e953e0f8d0b9828b53d5cc8318366e111

  • SHA512

    4782192f68234e456cddbdb2b64a0300bd1c2ba1064fb222e977c10e3896555895b355b61ec5f1982207d8b23df4c6ceccc2d14d006712433f770a9669d2dbfa

  • SSDEEP

    12288:6U4jXCnPKrDSaLvb2tRSCfJgMH5BxAaQSRFqwwgOmA:61jXMPKrDbDoRSCfGOPvlRhwkA

  Score

  10^/10

  blustealerstormkittycollectionstealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2