Analysis
-
max time kernel
596s -
max time network
566s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
28-04-2022 07:35
General
-
Target
appconsole.exe
-
Size
80KB
-
MD5
bbf6a17cc8d96f635840ae1d63223659
-
SHA1
b5675c4a47431bc9690e724228e1093f0a3a74f1
-
SHA256
cbcf13e1e93966e2d5d20a8e53ddd243546d5d531a0c50e840df505640e0c603
-
SHA512
e4e3a0054795d4cd9ace0c38644d119f302d0bf62cfc74a8e4765252c1443aab9ca4cc5de4eda64f47f6417c7fe3367a2f7010f286d90ee3c9fb23eb688bc228
Score
10/10
Malware Config
Signatures
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty Payload 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\appconsole.exe"C:\Users\Admin\AppData\Local\Temp\appconsole.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4708 -s 19322⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 184 -p 4708 -ip 47081⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
104KB
-
Filesize
10.8MB