Extracted

• • Target

    NHHhHhab.exe

  • Size

    764KB

  • MD5

    072fa2c24d833a4d1370c4830977ee5a

  • SHA1

    74b2abcae6491d617225b5b430bd3309ee212fb4

  • SHA256

    980d032454e0f471a820a594683ae833ac86d4c074fbf43cb47798ca774b35f6

  • SHA512

    9589f213e00648acfac43bc56e5b3b74746dfd688ef052017b9f0d53ffb12c20f4257ebde497bb8bdd03829ea0e8a92879d625076af9a4919284cf16f1256495

  • SSDEEP

    12288:AQHFUlKANJ2yE8qMg+dEOrCG0D7SKHBweeSXXYrzQ70W:AFk+EOrCG0DmgBwerHYo0W

  Score

  10^/10

  blustealerstormkittycollectionspywarestealer

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2