Overview

overview

10

Static

static

10

1364-62-0x...ry.exe

windows7-x64

10

1364-62-0x...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1364-62-0x0000000000400000-0x0000000000422000-memory.dmp

  • Size

    136KB

  • Sample

    220824-thsalsfgdl

  • MD5

    f8595e98380da913420ba9ebc5061f56

  • SHA1

    ca5854ecc121e63b6569c356a775366a2d1886ef

  • SHA256

    2e7d002f58564a1b1fa0a9f2be1c2546554cb7d8f6a8819a9190fdbaba0a193f

  • SHA512

    9caa9891e6be83159165394ca5c93f766aa8d005db56f3e02c559a4a6e8b597df6e6bdaba3d86b94996229bcec9745063b6e4c42cb240a8ece275b688c6df24a

  • SSDEEP

    1536:L/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViorkfPPJICi5h3eF1:bZTkLfhjFSiO3odkfP7iHy

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      1364-62-0x0000000000400000-0x0000000000422000-memory.dmp

    • Size

      136KB

    • MD5

      f8595e98380da913420ba9ebc5061f56

    • SHA1

      ca5854ecc121e63b6569c356a775366a2d1886ef

    • SHA256

      2e7d002f58564a1b1fa0a9f2be1c2546554cb7d8f6a8819a9190fdbaba0a193f

    • SHA512

      9caa9891e6be83159165394ca5c93f766aa8d005db56f3e02c559a4a6e8b597df6e6bdaba3d86b94996229bcec9745063b6e4c42cb240a8ece275b688c6df24a

    • SSDEEP

      1536:L/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViorkfPPJICi5h3eF1:bZTkLfhjFSiO3odkfP7iHy

    Score
    10/10
    stormkittycollectionstealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks