Ref150420190619A-B0270PEL. pdf.exe

General
  Target:  Ref150420190619A-B0270PEL. pdf.exe
  Size:    1MB
  Sample:  210331-jav54xv2r6
  Score:   10/10
  MD5:     5ed97211220671294ee925c64b1e3ebc
  SHA1:    22651d893883c0e0df19df33a31cb75ded09d102
  SHA256:  01bac3adf5b25f8dad0afe3fd753eefa5b31f2b3550e44069f594280e084f9b4
  SHA512:  73d7b53b0fe041d06f025842a57149e96aa9b6d52e2983c520ae52ea39c0bd617fd9341a32377bafe9e5d7da86807fbe062add794749f85e98f569dedb18c1a5

  Note: the file name carries a double extension (" pdf.exe"), so the executable passes for a PDF attachment where Windows hides known extensions.

Malware Config
Targets
  Target:    Ref150420190619A-B0270PEL. pdf.exe
  Filesize:  1MB
  Score:     10/10
  MD5 / SHA1 / SHA256 / SHA512: identical to the digests listed under General
  Tags:      none listed

Signatures

  • StormKitty
    Description: StormKitty is an open source info stealer written in C#.

  • StormKitty Payload

  • Loads dropped DLL

  • Reads local data of messenger clients
    Description: Infostealers often target the stored data of messaging applications, which can include saved credentials and account information.
    TTPs: Data from Local System (T1005); Credentials in Files (T1552.001)

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System (T1005); Credentials in Files (T1552.001)

  • Suspicious use of SetThreadContext
    Description: Calling SetThreadContext on a suspended or remote thread is a common step in process hollowing and other code-injection techniques, where the thread is redirected to code the sample has written into memory.
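As an added example (not part of the sandbox report and not StormKitty or sandbox code), the following Python sketch shows how the two file-access signatures above ("Reads local data of messenger clients" and "Accesses cryptocurrency files/wallets") can be evaluated over a process file-open trace. The path patterns for Telegram, Discord, Pidgin, Exodus, Electrum and Bitcoin Core, and the sample events, are constructed assumptions for illustration; the ATT&CK IDs are the standard ones for the two technique names the report lists.

```python
"""Illustrative evaluation of the report's two file-access signatures over a
file-open trace. Example code added to this page; the path patterns and the
sample trace below are constructed assumptions, not data from the report."""
import re
from collections import defaultdict

# Assumed locations (Windows user profile) where common messenger clients and
# wallets keep local data. Matched case-insensitively after path normalisation.
MESSENGER_PATTERNS = {
    "Telegram": r"appdata/roaming/telegram desktop/tdata/",
    "Discord":  r"appdata/roaming/discord/local storage/leveldb/",
    "Pidgin":   r"appdata/roaming/\.purple/accounts\.xml$",
}
WALLET_PATTERNS = {
    "Exodus":   r"appdata/roaming/exodus/exodus\.wallet/",
    "Electrum": r"appdata/roaming/electrum/wallets/",
    "Bitcoin":  r"appdata/roaming/bitcoin/wallet\.dat$",
}

SIG_MESSENGER = "Reads local data of messenger clients"
SIG_WALLET = "Accesses cryptocurrency files/wallets, possible credential harvesting"

# ATT&CK mapping as listed for both signatures in the report (IDs added here).
TTPS = ["Data from Local System (T1005)", "Credentials in Files (T1552.001)"]


def normalise(path):
    """Lower-case, forward-slash form so patterns match regardless of casing or drive."""
    return path.replace("\\", "/").lower()


def classify(path):
    """Return (signature, application) if the path hits one of the patterns, else None."""
    p = normalise(path)
    for app, pat in MESSENGER_PATTERNS.items():
        if re.search(pat, p):
            return SIG_MESSENGER, app
    for app, pat in WALLET_PATTERNS.items():
        if re.search(pat, p):
            return SIG_WALLET, app
    return None


def evaluate(events):
    """events: iterable of (pid, path) file-open events, e.g. from a sandbox trace.
    Returns {pid: {signature: sorted list of applications whose data was touched}}."""
    hits = defaultdict(lambda: defaultdict(set))
    for pid, path in events:
        res = classify(path)
        if res:
            sig, app = res
            hits[pid][sig].add(app)
    return {pid: {sig: sorted(apps) for sig, apps in sigs.items()}
            for pid, sigs in hits.items()}


def is_stealer_profile(pid_hits):
    """True when one process triggered both signature classes, as the behavioural
    runs in this report did; a single hit is weaker evidence on its own."""
    return SIG_MESSENGER in pid_hits and SIG_WALLET in pid_hits


# Constructed sample trace (assumption, not taken from the report).
SAMPLE_EVENTS = [
    (4120, r"C:\Users\victim\AppData\Roaming\Telegram Desktop\tdata\D877F783D5D3EF8C"),
    (4120, r"C:\Users\victim\AppData\Roaming\discord\Local Storage\leveldb\000005.ldb"),
    (4120, r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (4120, r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"),
    (4120, r"C:\Windows\System32\kernel32.dll"),
    (2288, r"C:\Users\victim\Documents\notes.txt"),
]

if __name__ == "__main__":
    for pid, sigs in evaluate(SAMPLE_EVENTS).items():
        for sig, apps in sigs.items():
            print(f"pid {pid}: {sig} -> {', '.join(apps)}; TTPs: {'; '.join(TTPS)}")
        if is_stealer_profile(sigs):
            print(f"pid {pid}: both signature classes hit (info-stealer profile)")
```

Only process 4120 in the constructed trace matches; the kernel32.dll load and the unrelated document access in process 2288 are ignored, which is the point of keying on profile-relative data paths rather than on any file read.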

Related Tasks

MITRE ATT&CK Matrix
  Tactic columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
  (Only the column headers survive in this extract; the techniques recorded for the sample are those listed under Signatures.)

Tasks
  static1       1/10
  behavioral1   10/10
  behavioral2   10/10

  Static analysis alone scores the file 1/10; the 10/10 verdict comes from the two behavioural runs.