Extracted

• • Target

    hesaphareketi-01.exe

  • Size

    249KB

  • MD5

    ff608c7e72a486f71069cf6eab782d3c

  • SHA1

    1927d0c361c02c075005842410e2ef4661909fcc

  • SHA256

    17b3bacd218018d84a5ab6e8d8dcb0f9b16d9e9f6a77a597d8dbe100fbd61667

  • SHA512

    b424e88626c4c6b40e2749635fb96e68e9da8b0bed973c85af7c54282a2df2549b8421f57fea5a3a2e0aff9d33ee6ee7b5369d006f9bec033c9dd1d13dd9f6c9

  • SSDEEP

    3072:kfY/TU9fE9PEtuHbq4aaXavMTQmVf5hgMAG47F27OxVIObwi8qwGHGWZYvGqKr4M:yYa6Nq4aaXaMJfsMAGUYAZXr6vGqYzH

  Score

  10^/10

  blustealerstormkittycollectionpersistencestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2