Overview

overview

10

Static

static

10

880-67-0x0...ry.exe

windows7-x64

10

880-67-0x0...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    880-67-0x0000000000400000-0x0000000000422000-memory.dmp

  • Size

    136KB

  • Sample

    220825-n9vxxsdfd5

  • MD5

    24e22ce7892db9e990ad7af8b4301b72

  • SHA1

    1dd749887f991720449a6d32543c2ca10df6818b

  • SHA256

    68c21a10a73486a8ec05ca3b417c548e02f0745e3cb0385fae4839d67ed96bcd

  • SHA512

    8b9b6e1157d2817fe92454ca4387eec740792b8caf3dfa186ef27a9811cd6dc7a815c154da37e1a7d7784a37f4276aef1ea979866a0552a74eeb6dc93988c262

  • SSDEEP

    1536:nJA/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioSGZVmJ5mQNZ:nOZTkLfhjFSiO3oseG

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      880-67-0x0000000000400000-0x0000000000422000-memory.dmp

    • Size

      136KB

    • MD5

      24e22ce7892db9e990ad7af8b4301b72

    • SHA1

      1dd749887f991720449a6d32543c2ca10df6818b

    • SHA256

      68c21a10a73486a8ec05ca3b417c548e02f0745e3cb0385fae4839d67ed96bcd

    • SHA512

      8b9b6e1157d2817fe92454ca4387eec740792b8caf3dfa186ef27a9811cd6dc7a815c154da37e1a7d7784a37f4276aef1ea979866a0552a74eeb6dc93988c262

    • SSDEEP

      1536:nJA/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoVioSGZVmJ5mQNZ:nOZTkLfhjFSiO3oseG

    Score
    10/10
    stormkittycollectionstealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks