Overview

overview

10

Static

static

10

1144-63-0x...ry.exe

windows7_x64

10

1144-63-0x...ry.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1144-63-0x0000000000400000-0x0000000000427000-memory.dmp

  • Size

    156KB

  • Sample

    220623-rd1ebagba5

  • MD5

    15abbbfa7b1b8d7f82e51dfc14c86393

  • SHA1

    62f55d2212dbec882462f05cc14cafee6510681f

  • SHA256

    def228546fa6a16c9d0df8e01a587d979e5728d20f05fb78bf08ed07e35758d9

  • SHA512

    2dd73773d582383c9e97e7aa31f1d5b95075db83f52fe27c8b8bfa28e3749d700bcfafe1bb13e18b9e7b5532f6341404dbf729c538483712d7bd2d7379d42c48

Score
10/10
blustealerstormkittycollectionspywarestealer

Malware Config

Targets

    • Target

      1144-63-0x0000000000400000-0x0000000000427000-memory.dmp

    • Size

      156KB

    • MD5

      15abbbfa7b1b8d7f82e51dfc14c86393

    • SHA1

      62f55d2212dbec882462f05cc14cafee6510681f

    • SHA256

      def228546fa6a16c9d0df8e01a587d979e5728d20f05fb78bf08ed07e35758d9

    • SHA512

      2dd73773d582383c9e97e7aa31f1d5b95075db83f52fe27c8b8bfa28e3749d700bcfafe1bb13e18b9e7b5532f6341404dbf729c538483712d7bd2d7379d42c48

    Score
    10/10
    stormkittycollectionspywarestealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty Payload

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks