Overview

overview

10

Static

static

10

4736-137-0...ry.exe

windows7-x64

10

4736-137-0...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4736-137-0x0000000000400000-0x0000000000421000-memory.dmp

  • Size

    132KB

  • Sample

    220812-grj95sbhh7

  • MD5

    750aaf92bc7e94e6e32005c92532b1cc

  • SHA1

    94f5051471090e7873eb40f874b0fe25066a3ba3

  • SHA256

    4c05eccdf631718494acad0f088c54be2d1c13ec3e42e6ce21783a83fd3561b4

  • SHA512

    3aa36d3bba46ab02f762b39e707674278aab4bc60c3089f230b7afeabd3b8755d73fbce5e6d371258206d0f924805c43bffaed521b5deecc2a20b3e84486017b

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      4736-137-0x0000000000400000-0x0000000000421000-memory.dmp

    • Size

      132KB

    • MD5

      750aaf92bc7e94e6e32005c92532b1cc

    • SHA1

      94f5051471090e7873eb40f874b0fe25066a3ba3

    • SHA256

      4c05eccdf631718494acad0f088c54be2d1c13ec3e42e6ce21783a83fd3561b4

    • SHA512

      3aa36d3bba46ab02f762b39e707674278aab4bc60c3089f230b7afeabd3b8755d73fbce5e6d371258206d0f924805c43bffaed521b5deecc2a20b3e84486017b

    Score
    10/10
    stormkittycollectionstealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks