General

  • Target

    DOC00163936-pdf.exe

  • Size

    1.4MB

  • Sample

    230306-kep7eaag2y

  • MD5

    d09bba5762384cc89632817f05a6e930

  • SHA1

    c3cba9fb29262d1ea796c9c90e23b73db5077b32

  • SHA256

    cc0caa36bb40f1d15b6f338539239dc0fb978d38620e5f8d21b86a45e682e6e6

  • SHA512

    7c74adb802167f066d0cf1ff97fa36cbfacc30ca1a5c8d8f4116725011b260506dc6f1767a5ea1f149c3cf2840c6ac5ec4a438e9a1bfe84c446232e533ad99f1

  • SSDEEP

    12288:/56S8U9J7BmsH6UstLIAYB9oiCRFx3HTQrZYeafOfXL2iTmwA4cX3MzSSV93QMOK:NoS6rtLlYlCbJ8RGOfJ04JSSDYs

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5369570306:AAGakouymXOc8dp0WUuP_KaS81h9taRj_pk/sendMessage?chat_id=1884866272

Targets

    • Target

      DOC00163936-pdf.exe

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks