General
- Target: 9b3da318b86a4bf8b36aca1ea75841e5fc03a57eb500d3379847573e7546a4c4
- Size: 449KB
- Sample: 201106-vfhd6xc9ss
- MD5: f20f5ad4b8d13a4fb00275480075d145
- SHA1: 0d97a9ec2707a86144836765a64a91e9a04f08ae
- SHA256: 9b3da318b86a4bf8b36aca1ea75841e5fc03a57eb500d3379847573e7546a4c4
- SHA512: cac8ac52eb088448db62b4880917e14214f52d6e8492618145cf87cb3a2771352e554107a6ed184eb5e9fcfd9fe730d5ac92a37c7f4801dd37f7ed76cccc367b
Static task
- static1
Behavioral task
- behavioral1
- Sample: 9b3da318b86a4bf8b36aca1ea75841e5fc03a57eb500d3379847573e7546a4c4.exe
- Resource: win7v20201028
Behavioral task
- behavioral2
- Sample: 9b3da318b86a4bf8b36aca1ea75841e5fc03a57eb500d3379847573e7546a4c4.exe
- Resource: win10v20201028
Malware Config
Extracted
- oski
- web24host.com/a/a/www/
Targets
- Target: 9b3da318b86a4bf8b36aca1ea75841e5fc03a57eb500d3379847573e7546a4c4
- Size: 449KB
- MD5: f20f5ad4b8d13a4fb00275480075d145
- SHA1: 0d97a9ec2707a86144836765a64a91e9a04f08ae
- SHA256: 9b3da318b86a4bf8b36aca1ea75841e5fc03a57eb500d3379847573e7546a4c4
- SHA512: cac8ac52eb088448db62b4880917e14214f52d6e8492618145cf87cb3a2771352e554107a6ed184eb5e9fcfd9fe730d5ac92a37c7f4801dd37f7ed76cccc367b
- StormKitty Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.