Extracted

• • Target

    Transferir copia.exe

  • Size

    310KB

  • MD5

    9decc19fa8275a1ee248dd78443e5142

  • SHA1

    9ae643a82fd28cb70f2bdbfa571d3306c36a0563

  • SHA256

    6a9f7792c2ea3a19038cc5d8cfbe4a1edcba5750bc3a0cd6dae8092b6bdae485

  • SHA512

    fe67559ded199fffd1c8e56b068af0f0337d81d8ce9e196a9232c0ba23033e28422aa6f118b60d5b83d7f843a93150091c3ba9e68518ada0b6c4c02fc468853e

  • SSDEEP

    3072:KA4ShYRtM95ZNqhWR2UTx39u77zNTW+9lvAY4lQXeMAXO271hEbaFSkjiRrP+Fq:tmY5WsBqvA0veyXeYa+

  Score

  10^/10

  blustealerstormkittycollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2