Extracted

• • Target

    350e90c78478820a9240472f315c2ab90fea577893a121a1959e5c6b427d0b48

  • Size

    140KB

  • MD5

    93b5c69e8b112eb6220e44b41caba6d7

  • SHA1

    1b39574ba17317ea31de83175846610dd870f802

  • SHA256

    350e90c78478820a9240472f315c2ab90fea577893a121a1959e5c6b427d0b48

  • SHA512

    6348f041fea14348cf056a0387041a7a8cc711bf35b92884fc1384cb2f019c1b6ec5d43695e92ec65fc48071130e653ff4041ad9c4825b4e4a4d4bb29c1121b7

  • SSDEEP

    1536:SdXO/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVionmunqT4Iit7gN:SsZTkLfhjFSiO3oMPTJi+N

  Score

  10^/10

  stormkittycollectionstealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2