Overview

overview

10

Static

static

10

qRAPNmLiGFHwToK.exe

windows7-x64

10

qRAPNmLiGFHwToK.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    qRAPNmLiGFHwToK.exe

  • Size

    132KB

  • Sample

    220822-lftfwsdhdr

  • MD5

    bee47439c4960e2728594ece9ad95ba7

  • SHA1

    43f4b6f607dec5bec2a33e2fb4148c38de832490

  • SHA256

    8a1902d9c0dbe388b28ef5a9c8ec4c0f1802fc6ccd43471ea337dcb3d71c81d4

  • SHA512

    ad84d419d61b63e36a6766ba90773b39270bf9c8e72373b52c1979097e73110f749fad0cfed5c4f233304ad0af4b6e753666911ff7db83475c16c38976c46382

  • SSDEEP

    1536:MPM/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViocIdus3h4b6P/C:MYZTkLfhjFSiO3oeIdlsqC

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      qRAPNmLiGFHwToK.exe

    • Size

      132KB

    • MD5

      bee47439c4960e2728594ece9ad95ba7

    • SHA1

      43f4b6f607dec5bec2a33e2fb4148c38de832490

    • SHA256

      8a1902d9c0dbe388b28ef5a9c8ec4c0f1802fc6ccd43471ea337dcb3d71c81d4

    • SHA512

      ad84d419d61b63e36a6766ba90773b39270bf9c8e72373b52c1979097e73110f749fad0cfed5c4f233304ad0af4b6e753666911ff7db83475c16c38976c46382

    • SSDEEP

      1536:MPM/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViocIdus3h4b6P/C:MYZTkLfhjFSiO3oeIdlsqC

    Score
    10/10
    stormkittycollectionstealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks