Extracted

• • Target

    hesaphareketi-01.exe

  • Size

    304KB

  • MD5

    437350bea5c6a15743708e40d626f6a2

  • SHA1

    84bcc16bd74838d3103308d1c34cf86f5870f2ce

  • SHA256

    da74712fd5cd155ff0404941b52156174ba6a52d8044c32657fa24901ba8dd74

  • SHA512

    8202e803cd81867320d4555d097b11b569020bc14e45b165233d4e6cf7e07d34fb88daf18be7944a5c2295f6087c3cc8e18656d3e9a4d5a99b80ff829d9c189c

  • SSDEEP

    6144:QYa69gSECqpOY0XngP6sW+/2zPELRV0nYvusV4Lh+FDciFq2FVIyMRX7J:QYLgQqpOY0XngPkLzAAnYvVV1DVNVIhX

  Score

  10^/10

  blustealerstormkittycollectionstealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2