Extracted

• • Target

    TRANSFERIR COPIA.exe

  • Size

    337KB

  • MD5

    9c352057471512025b97b4b824bdd553

  • SHA1

    68c6df8e09222ae9d6df0e276bbc67389ce51e7a

  • SHA256

    d50091f2f374614a00ae73f14dabf529e887e1729da0903f59a09739f4c37e8d

  • SHA512

    f7a830522cb4a9a258cc6717c456bb059373cc60697e7346f5865412e18c463233899bbbe5fcc2620f183f4507e5a27b5cabf8877a8f4e1e0dbc1bc17632af7b

  • SSDEEP

    3072:MKfM3NUHb17PyUN25RVvoyGDDcbly+shCHHS/eOPkNa971hEbaFSkjiRrP9Nq:MJUHb17KH5TQwXsoHyeGYa+

  Score

  10^/10

  blustealerstormkittycollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2