00909000870.exe

General
Target

00909000870.exe

Size

1MB

Sample

210414-xnwlj7bdae

Score
10/10
MD5

b6d292139cbd769bfa7c005cbc3a8202

SHA1

f12d48f3aa3a1910795a12fbc57b32d24145af73

SHA256

6e3816fe96ae72f3c7695e1a64225ed36ff8a7e61f0fb192447cb14d5736dcea

SHA512

3cde67951d45796bf76c7724db52cc2bf64d40cf55e5bb751c98a0028ea309549f0344f1c0e1adf32c384441a02507cbfbaf0476761bebc37f5816079472dc6a

Signatures

  • StormKitty

    Description

    StormKitty is an open source info stealer written in C#.

  • StormKitty Payload

  • Loads dropped DLL

  • Reads local data of messenger clients

    Description

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    TTPs

    Data from Local System, Credentials in Files
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1: 1/10

  • behavioral1: 7/10

  • behavioral2: 10/10