Extracted

• • Target

    SecuriteInfo.com.Win32.PWSX-gen.16062.16220.exe

  • Size

    943KB

  • MD5

    779aba07d9e38600f5d56b1cdb4b13b3

  • SHA1

    978dbdd1de6938658fd2bb7fa62504bc9854e7df

  • SHA256

    c6deef7825e9fc588ee77c25398896ac695e0c02c44276fc4382218807b01e17

  • SHA512

    c1cb51a4be7c0c76b038aa22bdb3e171e7a07104ca87195f5dd854bfd56b48d101b630addce08d3bae5b86e6cf6ac82c5ce01cf0d2d1c8254b0f3e6c51a743ad

  • SSDEEP

    12288:njm1ajgVIqHZCWRehw84H+ZzF0ImT9JfeDH8EM1xr:cajysjhw+MImTbfmrwxr

  Score

  10^/10

  blustealerstormkittycollectionstealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2