Extracted

• • Target

    Halkbank_Ekstre_20221003_081552_734629.pdf.exe

  • Size

    965KB

  • MD5

    8fb1f1ec968e52ae2c514d5e83639c6f

  • SHA1

    18002ed9408c2ebb8c744365176e937f5b701336

  • SHA256

    30c738704cea85f5ccea877f987abc3e6250ffdf52abd60852c96d5fde2281bd

  • SHA512

    08684e4b8e24fd97741ca48721999cd3edb9e6278cd44da4a9169c53f060369c2b8726b0b7f6a13449b11e3fa1471536c513eb1cecbd48377a02cf35833634d5

  • SSDEEP

    12288:dENf32iNCdqE22rkaJprY5M9b31qtdBPh6T0wnrK4HTN:dSf31cdfvdprY5MFlMdR+0Y

  Score

  10^/10

  blustealerstormkittycollectionstealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2