Overview

overview

10

Static

static

10

1564-64-0x...ry.exe

windows7-x64

10

1564-64-0x...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1564-64-0x0000000000400000-0x0000000000425000-memory.dmp

  • Size

    148KB

  • Sample

    220812-hdblhscce2

  • MD5

    8f964936c5931ddfb9a4b4aab8ec8776

  • SHA1

    bb8259c142988f490ed5e5bfb0d66a2c45930e16

  • SHA256

    c5b39deb91ede123e253cbf68e0b56323410da878b508f7f81ed5030825a7f9b

  • SHA512

    c2b9dfd84a8cda45be9f52efcdea2b6d27830f76786c0e2ed9f8ded3f768b25423efbb631a9ddf4467f4ee3d17ae0aaf37ace18228a963d5bd3667a4af175097

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      1564-64-0x0000000000400000-0x0000000000425000-memory.dmp

    • Size

      148KB

    • MD5

      8f964936c5931ddfb9a4b4aab8ec8776

    • SHA1

      bb8259c142988f490ed5e5bfb0d66a2c45930e16

    • SHA256

      c5b39deb91ede123e253cbf68e0b56323410da878b508f7f81ed5030825a7f9b

    • SHA512

      c2b9dfd84a8cda45be9f52efcdea2b6d27830f76786c0e2ed9f8ded3f768b25423efbb631a9ddf4467f4ee3d17ae0aaf37ace18228a963d5bd3667a4af175097

    Score
    10/10
    stormkittycollectionstealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks