Extracted

• • Target

    SecuriteInfo.com.Trojan.PackedNET.1293.25944.579.exe

  • Size

    171KB

  • MD5

    3f302c49278e12a784224ab5e843b550

  • SHA1

    ca15f2c458dc63f69d96c9b61437326f8a9f37fd

  • SHA256

    f218fa4276e991739589e3f96b0abc8f53d499b88f2d824beedc01ce49e53bcc

  • SHA512

    edbb3d882dec265c45fe529ea90849ecfa67152a9eb13d108a15dd0f97c0376649d6a0ab65c2745925cd8bc5460c7a5475971e9b7c4408d5be5153cdecad452c

  • SSDEEP

    3072:UWF+Dtae1EdgDt+Tr9lxGs3bRQ1t9VArqOuwBgvuXkJ0eiMNsTEmSHm:UWEDt1Ed28lxGs3bR8t9uBuYgvuXkJX8

  Score

  10^/10

  blustealerstormkittycollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2