Overview

overview

10

Static

static

10

1600-63-0x...ry.exe

windows7-x64

10

1600-63-0x...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1600-63-0x0000000000400000-0x0000000000423000-memory.dmp

  • Size

    140KB

  • Sample

    220727-gcsyqseca3

  • MD5

    2b89e08b3e7c7ee1df564080176fea54

  • SHA1

    30da694a969d27302d3fca9c5e669e27509c2997

  • SHA256

    6331e7aeb6d0e11d6c1d6c987a0835045091f111383e3a18c50cf6a336744a6b

  • SHA512

    309bcc83d8d7fbe07b44038954f7df365221c9ba3401a40cca437bb5f1e8aac47773df405daaf9b2c15a925875bf104dabf7d2618152f3709418fc7726f8941d

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      1600-63-0x0000000000400000-0x0000000000423000-memory.dmp

    • Size

      140KB

    • MD5

      2b89e08b3e7c7ee1df564080176fea54

    • SHA1

      30da694a969d27302d3fca9c5e669e27509c2997

    • SHA256

      6331e7aeb6d0e11d6c1d6c987a0835045091f111383e3a18c50cf6a336744a6b

    • SHA512

      309bcc83d8d7fbe07b44038954f7df365221c9ba3401a40cca437bb5f1e8aac47773df405daaf9b2c15a925875bf104dabf7d2618152f3709418fc7726f8941d

    Score
    10/10
    stormkittycollectionstealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks