Extracted

• • Target

    SecuriteInfo.com.Win32.PWSX-gen.3137.exe

  • Size

    166KB

  • MD5

    74c571340a29f8b79e012e9d835ac426

  • SHA1

    81401ab6f1e291774d5465750eaedac986d4dc3b

  • SHA256

    06a16b27c0fb73721a8e914688491abab539ea56fbe8df580fa91b22a0c8afec

  • SHA512

    c8593976fa0a77b0108e71796b17df72d0cbe82d91b7bf9d1c4bbebaeeb21827c7861b9d5b9a89bbf53ef2845acfdaac2461cd772e212cae2985dd2233425b18

  • SSDEEP

    3072:ep8xfXO3mVO6ipX6PN6BrjZy7EZRgA3NAR8MrDgeLdj8bKrOHm:k8xfQmVtipX6VWDHCRhXFdoO6G

  Score

  10^/10

  blustealerstormkittycollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2