Overview

overview

10

Static

static

10

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d5adba5715cd10a3c9dcf11d7ab1e30834050eef7513bda558bfe39a53a364ac

  • Size

    136KB

  • Sample

    220802-v4htqshda4

  • MD5

    97ea1fd26da454e1502d7f4de38a21af

  • SHA1

    4aa14c0146621373c9e022c626f9e50560947389

  • SHA256

    d5adba5715cd10a3c9dcf11d7ab1e30834050eef7513bda558bfe39a53a364ac

  • SHA512

    db31c10d4d0a7c6798d99a12c49bdfaa8957c84b03a62c3f2cdb14a5ac15008340229df1238adea707dfe255b107db36aab53574571cf3bd8d208447293e6363

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      d5adba5715cd10a3c9dcf11d7ab1e30834050eef7513bda558bfe39a53a364ac

    • Size

      136KB

    • MD5

      97ea1fd26da454e1502d7f4de38a21af

    • SHA1

      4aa14c0146621373c9e022c626f9e50560947389

    • SHA256

      d5adba5715cd10a3c9dcf11d7ab1e30834050eef7513bda558bfe39a53a364ac

    • SHA512

      db31c10d4d0a7c6798d99a12c49bdfaa8957c84b03a62c3f2cdb14a5ac15008340229df1238adea707dfe255b107db36aab53574571cf3bd8d208447293e6363

    Score
    10/10
    stormkittycollectionstealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks