Extracted

• • Target

    SecuriteInfo.com.Trojan.DownloaderNET.345.1711.21192.exe

  • Size

    646KB

  • MD5

    ca2212313ca424fb7afab4a05037a499

  • SHA1

    e0e1a2958af4cca5118c7ac08e2c9a6eaeaa8bd6

  • SHA256

    00953bdb9f48f2e3583b16b779d04de51b937ab108972f3e44ad49fc304514c2

  • SHA512

    8d1b218a841c7ded2bf0a7405cffa5e0e4bcf021a022334a599b47d635a2d6c8fa7ec50d52ba6d28366b1de2af624c829fcc19fe2029d45eb2f092927fd028cd

  • SSDEEP

    12288:DMCFXcO4GEDdJii/cJZFGFHeRHA6yRK1HeE7SlGesvKHRskEJ0b0b0b0b0b0b0+q:wYjUG7sF+RA6yRKQE7S3oKxsxWWWWWWG

  Score

  10^/10

  blustealerstormkittycollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2