General

  • Target

    701ef63a3a8c4f2eb90d64cd897e0098460e1272a54404b90ab794a685b98ffc

  • Size

    136KB

  • Sample

    220802-v4lkmahdb3

  • MD5

    6862264bbd7688ac4bd96f16786cd153

  • SHA1

    8fd23a996f8b78914f9969cb3c31be7ffd02e346

  • SHA256

    701ef63a3a8c4f2eb90d64cd897e0098460e1272a54404b90ab794a685b98ffc

  • SHA512

    23df9d7fe2e8028d2b7f985344ac5ff0d01f9a45f0925f6b37b0df64aab3702612e5bfb56cb29bc2325bd26ffe152fc69f4af5e36d0e94a97a6f04d27460c2e2

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
