Overview

overview

10

Static

static

10

3096-160-0...ry.exe

windows7-x64

10

3096-160-0...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3096-160-0x0000000000400000-0x0000000000425000-memory.dmp

  • Size

    148KB

  • Sample

    220815-hppyaafehm

  • MD5

    0a9715a586d2269fa1c5886a81619e12

  • SHA1

    3fe6173dfb1f5ba7cf7a9f6637387662fad0809a

  • SHA256

    e88a5e6bdede20e8874eb9570e626dd84181349050da2d2108213cbe10f22356

  • SHA512

    3b9527fd26c4a2ab672c5266a549ac1c862e3bcd3b6a517f7aaa00456230ec0a4df9dcfa23834d38ae243cf977c3718b9aee322d443d32d29b705145f2d64066

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      3096-160-0x0000000000400000-0x0000000000425000-memory.dmp

    • Size

      148KB

    • MD5

      0a9715a586d2269fa1c5886a81619e12

    • SHA1

      3fe6173dfb1f5ba7cf7a9f6637387662fad0809a

    • SHA256

      e88a5e6bdede20e8874eb9570e626dd84181349050da2d2108213cbe10f22356

    • SHA512

      3b9527fd26c4a2ab672c5266a549ac1c862e3bcd3b6a517f7aaa00456230ec0a4df9dcfa23834d38ae243cf977c3718b9aee322d443d32d29b705145f2d64066

    Score
    10/10
    stormkittycollectionstealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks