General

  • Target

    8a1902d9c0dbe388b28ef5a9c8ec4c0f1802fc6ccd43471ea337dcb3d71c81d4

  • Size

    60KB

  • Sample

    220824-c3e3cafaep

  • MD5

    113f6f9cdef15f8b90817458491fb853

  • SHA1

    98b11b8feed3254f7293369874d715263566a9f8

  • SHA256

    1af56bfa1c4c997f43f363c4b654671dadfb4bc39f97b22f63883154f644a6e6

  • SHA512

    a6ec050ceeec63f542158ea9d34887d4cb742a375c1d69bed8b03ab1681413b640c9e7e84a8eff8a69ccba154d173d05afdcc2f9646f44723de99784f529685d

  • SSDEEP

    1536:yOnBBJ/i/m+3GZ8R4aCNgMY0j+cSsDU3V2//M40d:yiBBwgtCb0Oz2XM4K
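The page lists two distinct hash sets: the 60KB submission (MD5 113f…, SHA256 1af5…) and the 132KB target (SHA256 8a19…, which is also the name the submission was uploaded under). The following script, added here as an example and not part of the report or of the Triage tooling, hashes a local file in one pass and reports which of the report's two artifacts it matches. SSDEEP is left out because it needs a third-party library; the chunk size and the labels "submission" and "target" are choices made for this example.

```python
"""Check a local file against the MD5/SHA1/SHA256/SHA512 values in the report above."""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Hashes copied from the report. Labels are this example's own naming.
REPORT_IOCS = {
    "submission": {  # General section, 60KB file
        "md5": "113f6f9cdef15f8b90817458491fb853",
        "sha1": "98b11b8feed3254f7293369874d715263566a9f8",
        "sha256": "1af56bfa1c4c997f43f363c4b654671dadfb4bc39f97b22f63883154f644a6e6",
        "sha512": "a6ec050ceeec63f542158ea9d34887d4cb742a375c1d69bed8b03ab1681413b6"
                  "40c9e7e84a8eff8a69ccba154d173d05afdcc2f9646f44723de99784f529685d",
    },
    "target": {  # Targets section, 132KB file
        "md5": "bee47439c4960e2728594ece9ad95ba7",
        "sha1": "43f4b6f607dec5bec2a33e2fb4148c38de832490",
        "sha256": "8a1902d9c0dbe388b28ef5a9c8ec4c0f1802fc6ccd43471ea337dcb3d71c81d4",
        "sha512": "ad84d419d61b63e36a6766ba90773b39270bf9c8e72373b52c1979097e73110f"
                  "749fad0cfed5c4f233304ad0af4b6e753666911ff7db83475c16c38976c46382",
    },
}


def _new_hashers():
    return {a: hashlib.new(a) for a in ALGOS}


def hash_bytes(data: bytes) -> dict:
    """All four digests of an in-memory buffer, hex-encoded."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {a: h.hexdigest() for a, h in hashers.items()}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """All four digests of a file, read once in 1 MiB chunks (chunk size is arbitrary)."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def match_iocs(hashes: dict, iocs: dict = REPORT_IOCS) -> dict:
    """Return {label: [algorithms that matched]}; empty dict means no overlap with the report.

    Comparison is case-insensitive because reports and tools disagree on hex casing.
    A partial match (e.g. only md5) would indicate a collision or a copy/paste error
    in the IOC set, so all matching algorithms are reported rather than a bool.
    """
    found = {}
    for label, known in iocs.items():
        matched = [a for a in ALGOS
                   if a in known and hashes.get(a, "").lower() == known[a].lower()]
        if matched:
            found[label] = matched
    return found


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, match_iocs(hash_file(p)) or "no match")
```

Run it as `python check_hashes.py <file>`; a file that matches only some algorithms for a label deserves a second look at the IOC list rather than being treated as a confirmed hit.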

Targets

    • Target

      8a1902d9c0dbe388b28ef5a9c8ec4c0f1802fc6ccd43471ea337dcb3d71c81d4

    • Size

      132KB

    • MD5

      bee47439c4960e2728594ece9ad95ba7

    • SHA1

      43f4b6f607dec5bec2a33e2fb4148c38de832490

    • SHA256

      8a1902d9c0dbe388b28ef5a9c8ec4c0f1802fc6ccd43471ea337dcb3d71c81d4

    • SHA512

      ad84d419d61b63e36a6766ba90773b39270bf9c8e72373b52c1979097e73110f749fad0cfed5c4f233304ad0af4b6e753666911ff7db83475c16c38976c46382

    • SSDEEP

      1536:MPM/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViocIdus3h4b6P/C:MYZTkLfhjFSiO3oeIdlsqC

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile data stored in the registry under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles (and the older Windows Messaging Subsystem\Profiles key), where saved mail account settings and DPAPI-protected credential blobs live. This is credential theft, not a sign that the sample sends mail.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread. Seen against a child process that was created suspended and written to with WriteProcessMemory, it is the step of process hollowing that redirects the child's entry point into injected code before ResumeThread; StormKitty's .NET loaders commonly use this pattern to run the stealer inside a trusted host process.
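The three behavioural signatures above (hollowing via SetThreadContext, external IP lookup via a web service, Outlook profile access) can be expressed as rules over an API-call trace. The script below is an added example written for this page, not code from Triage or from StormKitty; the trace format (a list of dicts with pid, api and args), the sample events, the child image path and the list of IP-echo hosts are all assumptions made for the example. The hollowing rule is a per-(parent, child) state machine so that a WriteProcessMemory into a process that was not created suspended does not fire.

```python
"""Behavioural triage over a constructed API-call trace (example, not sandbox output)."""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcessA/W

# Public IP-echo services commonly contacted by stealers (assumed list for this example).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ipinfo.io",
    "checkip.amazonaws.com", "ifconfig.me", "ip-api.com",
}

# Substrings of the HKCU registry paths where Outlook keeps MAPI profiles.
OUTLOOK_PROFILE_MARKERS = (
    "\\outlook\\profiles",
    "\\windows messaging subsystem\\profiles",
)

# Expected order of calls in a hollowing chain against one child process.
HOLLOW_STEPS = ("create_suspended", "write_memory", "set_context", "resume")


def detect_process_hollowing(trace):
    """Return [(parent_pid, child_pid)] for every child where the full chain was seen in order."""
    progress = defaultdict(int)  # (parent, child) -> index of the next expected step
    hits = []
    for ev in trace:
        api, args = ev["api"], ev["args"]
        if api in ("CreateProcessW", "CreateProcessA") and args.get("flags", 0) & CREATE_SUSPENDED:
            progress[(ev["pid"], args["child_pid"])] = 1
            continue
        key = (ev["pid"], args.get("target_pid"))
        if key not in progress or progress[key] >= len(HOLLOW_STEPS):
            continue
        step = HOLLOW_STEPS[progress[key]]
        if step == "write_memory" and api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
            progress[key] = 2
        elif step == "set_context" and api in ("SetThreadContext", "NtSetContextThread"):
            progress[key] = 3
        elif step == "resume" and api in ("ResumeThread", "NtResumeThread"):
            progress[key] = 4
            hits.append(key)
    return hits


def detect_ip_lookup(trace):
    """Hosts from the IP-echo list that the sample connected to or resolved."""
    net_apis = ("WinHttpConnect", "HttpOpenRequestW", "DnsQuery_W", "getaddrinfo")
    return sorted({ev["args"]["host"].lower() for ev in trace
                   if ev["api"] in net_apis
                   and ev["args"].get("host", "").lower() in IP_LOOKUP_HOSTS})


def detect_outlook_profiles(trace):
    """Registry keys under Outlook's profile store that the sample opened or read."""
    return [ev["args"]["key"] for ev in trace
            if ev["api"].startswith(("RegOpenKeyEx", "RegQueryValueEx", "NtOpenKey"))
            and any(m in ev["args"].get("key", "").lower() for m in OUTLOOK_PROFILE_MARKERS)]


def triage(trace):
    return {
        "process_hollowing": detect_process_hollowing(trace),
        "ip_lookup_hosts": detect_ip_lookup(trace),
        "outlook_profile_keys": detect_outlook_profiles(trace),
    }


# Constructed trace for the example; it is not the recorded run from this report.
SAMPLE_TRACE = [
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"image": "C:\\example\\host.exe", "flags": CREATE_SUSPENDED, "child_pid": 1200}},
    {"pid": 1000, "api": "NtUnmapViewOfSection", "args": {"target_pid": 1200}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 1200, "size": 0x21000}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 1200, "tid": 1204}},
    {"pid": 1000, "api": "ResumeThread", "args": {"target_pid": 1200, "tid": 1204}},
    # Benign-looking write into an unrelated process: no suspended create, so no hit.
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 1300, "size": 0x10}},
    {"pid": 1200, "api": "RegOpenKeyExW",
     "args": {"key": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"}},
    {"pid": 1200, "api": "WinHttpConnect", "args": {"host": "api.ipify.org"}},
    {"pid": 1200, "api": "WinHttpConnect", "args": {"host": "example.com"}},
]

if __name__ == "__main__":
    for name, value in triage(SAMPLE_TRACE).items():
        print(f"{name}: {value}")
```

The hollowing rule deliberately keys on the (parent, child) pair rather than on SetThreadContext alone: debuggers and some legitimate loaders call SetThreadContext too, and what makes the report's signature "suspicious" is the surrounding sequence.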
