Extracted

• • Target

    PEDIDO020523.exe

  • Size

    691KB

  • MD5

    5c435b912ff7ec3f5b147ff71a9ccf6f

  • SHA1

    da5f7424d4deef782190852f654b94dc9295afc1

  • SHA256

    94f51a2fef39412213639a0070d29e97a2f744dfb9bfdb8f4dea5f46052e8dda

  • SHA512

    f57fffc641ebcd51aed4cd9a0e28c3639e4d54b7fcb2f1dbbec7fbedfb58eb6b07c96cd7619c0533d620790d7d3d34c01099a9106ed9c91033f0634ca3e4ca94

  • SSDEEP

    12288:OrgmRp27goQV8bpxYHsntfwNM2wzO5j1tAilPTz8vf2ZeozmpgUMnGWIUP9c:OrgmR18b4MNwNMFzuTdJTufIW7WdP9

  Score

  10^/10

  blustealerstormkittycollectionstealerredlineinfostealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2