Extracted

• • Target

    fatura002344567,pdf.exe

  • Size

    266KB

  • MD5

    e8a06710a9e1f2ae99424343e6f79cbc

  • SHA1

    661eccd39e082d74b28f0c2bba440d7b7f8033cd

  • SHA256

    81d63eb754d5bf8897acfeb9762031fbe00d197c45aed84f2fe069dcd78109a1

  • SHA512

    42743045b9a7dad90688a10cf2679f1256f13bea2d97d3117c84ba1eb17c16f81ad40e14858a246da6dd538ab834855560ae89394d945eb6679a3c4c7a844f6c

  • SSDEEP

    6144:IYa6ub7aTUXh2l9RT70FYe5Avpc1jJdGuf:IYgXaW21W5Av25/f

  Score

  10^/10

  blustealerstormkittycollectionstealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2