Overview

overview

10

Static

static

10

6862264bbd...53.exe

windows7-x64

10

6862264bbd...53.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6862264bbd7688ac4bd96f16786cd153.exe

  • Size

    136KB

  • Sample

    220802-wm15esahek

  • MD5

    6862264bbd7688ac4bd96f16786cd153

  • SHA1

    8fd23a996f8b78914f9969cb3c31be7ffd02e346

  • SHA256

    701ef63a3a8c4f2eb90d64cd897e0098460e1272a54404b90ab794a685b98ffc

  • SHA512

    23df9d7fe2e8028d2b7f985344ac5ff0d01f9a45f0925f6b37b0df64aab3702612e5bfb56cb29bc2325bd26ffe152fc69f4af5e36d0e94a97a6f04d27460c2e2

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      6862264bbd7688ac4bd96f16786cd153.exe

    • Size

      136KB

    • MD5

      6862264bbd7688ac4bd96f16786cd153

    • SHA1

      8fd23a996f8b78914f9969cb3c31be7ffd02e346

    • SHA256

      701ef63a3a8c4f2eb90d64cd897e0098460e1272a54404b90ab794a685b98ffc

    • SHA512

      23df9d7fe2e8028d2b7f985344ac5ff0d01f9a45f0925f6b37b0df64aab3702612e5bfb56cb29bc2325bd26ffe152fc69f4af5e36d0e94a97a6f04d27460c2e2

    Score
    10/10
    stormkittycollectionstealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks