00000998880.exe

General
Target

00000998880.exe

Size

1MB

Sample

210412-b1cbwscr6s

Score

10/10

MD5

b75196ccea3a4ed66a87e7a98595b27f

SHA1

db65efb2c2f426165479a6b9f70700d61f56b6e2

SHA256

7a15a21c229fd3f9a2a18f2bb13bf2845a76a3822914c751174b1aa98303b8e8

SHA512

2b23d1b83ecf18cc7ca5cb581691e17704f48320d43e849a527ce5079082c048a35eabb00cc40bf9fd1f207ea1f870de560b283742e8d47228666ed2aa4d49a1

Targets
Signatures

  • StormKitty

    Description

    StormKitty is an open source info stealer written in C#.

  • StormKitty Payload

  • Loads dropped DLL

  • Reads local data of messenger clients

    Description

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    TTPs

    Data from Local System, Credentials in Files

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1: 1/10

  • behavioral1: 10/10

  • behavioral2: 10/10