Extracted

• • Target

    TRANSFERIR COPIA_26-01-2023.exe

  • Size

    124KB

  • MD5

    6b6158281be7a4c6d27c26a19584a506

  • SHA1

    642977b3de3a0d226859228dae11cb5d74ff0472

  • SHA256

    d7cd5ce46ffb8abe6ee2cb0c2a9f6528d8121fb90bd4072e71cd901099885eb3

  • SHA512

    ad9fda9a3a6f251f5bbfecf0a7b0aac322f9593e2ceca758aeaef42f651351ca0b77e346651f7b25cbfdb2d05b8fb1f7bb40e50bd7fbff78c4099c9905f8f506

  • SSDEEP

    3072:hzVvRQ0DOtiT3VLK8LEN7m8lneeF1eujsqk7jx++eH6:hpJpOtQON7m8de6okkB++eH

  Score

  10^/10

  blustealerstormkittycollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2