General

  • Target

    Ref150420190619A-B0270PEL. pdf.exe

  • Size

    1.0MB

  • Sample

    210331-jav54xv2r6

  • MD5

    5ed97211220671294ee925c64b1e3ebc

  • SHA1

    22651d893883c0e0df19df33a31cb75ded09d102

  • SHA256

    01bac3adf5b25f8dad0afe3fd753eefa5b31f2b3550e44069f594280e084f9b4

  • SHA512

    73d7b53b0fe041d06f025842a57149e96aa9b6d52e2983c520ae52ea39c0bd617fd9341a32377bafe9e5d7da86807fbe062add794749f85e98f569dedb18c1a5

Malware Config

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty Payload

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2 matching signatures

  • Discovery

    System Information Discovery (T1082): 1 matching signature

  • Collection

    Data from Local System (T1005): 2 matching signatures