stormkitty | fddde87baeb78e0cbd56e87bf6e27052c13a42b5c808331b39157a605851164e | Triage

Submit
Reports

Overview

overview

Static

static

stub.bin.exe

windows7_x64

stub.bin.exe

windows10_x64

7

Sharing

General

Target

stub.bin
Size

561KB
Sample

211025-r5tqvahbfk
MD5

68260e77a8d3f9f51e06d351f9ec4a9a
SHA1

11dad0b9986ed9f8da5b8021bf1fdcef7aeba159
SHA256

fddde87baeb78e0cbd56e87bf6e27052c13a42b5c808331b39157a605851164e
SHA512

7801cfdf9786d14c5386c900e42b8228c8242be13e5f6d3e8fd8b4c93f6796faec7caf0f93077ecc5933e912113ea6dfb735160b0289e34073a7f0a337ff66f1

Score

10^/10

stormkitty spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

stub.bin.exe

Resource

win7-en-20210920

stormkitty spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

stub.bin.exe

Resource

win10-en-20210920

spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  stub.bin
- Size
  
  561KB
- MD5
  
  68260e77a8d3f9f51e06d351f9ec4a9a
- SHA1
  
  11dad0b9986ed9f8da5b8021bf1fdcef7aeba159
- SHA256
  
  fddde87baeb78e0cbd56e87bf6e27052c13a42b5c808331b39157a605851164e
- SHA512
  
  7801cfdf9786d14c5386c900e42b8228c8242be13e5f6d3e8fd8b4c93f6796faec7caf0f93077ecc5933e912113ea6dfb735160b0289e34073a7f0a337ff66f1
Score

10^/10

stormkitty spyware stealer suricata
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty Payload
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

stormkittyspywarestealersuricata

behavioral2

© 2018-2024

Terms | Privacy