Overview

overview

10

Static

static

10

1204-63-0x...ry.exe

windows7-x64

10

1204-63-0x...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1204-63-0x0000000000400000-0x0000000000424000-memory.dmp

  • Size

    144KB

  • Sample

    220830-swljjscec2

  • MD5

    acf3538ea70ef5d6065a52923b4ffffb

  • SHA1

    6e5740d68755a26829d827127b5d2f18d1a075a0

  • SHA256

    de78997747f793a2a8d9a4ab04b8e4d34820e87426f7d3b52c6fd0b02d2f266f

  • SHA512

    0300a7a686a025fa9163389f6080064cd0bf927c0c1c716dc4b6c27aba65d227310c63f9b6505295d007a09cb33b1df254aec129216d3c08f907b14a2e7b55c9

  • SSDEEP

    1536:UIn/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViojC5yRto3gDwZC5h9mDxOWO:UI/ZTkLfhjFSiO3oKmM6h98

Score
10/10
blustealerstormkittycollectionstealer

Malware Config

Targets

    • Target

      1204-63-0x0000000000400000-0x0000000000424000-memory.dmp

    • Size

      144KB

    • MD5

      acf3538ea70ef5d6065a52923b4ffffb

    • SHA1

      6e5740d68755a26829d827127b5d2f18d1a075a0

    • SHA256

      de78997747f793a2a8d9a4ab04b8e4d34820e87426f7d3b52c6fd0b02d2f266f

    • SHA512

      0300a7a686a025fa9163389f6080064cd0bf927c0c1c716dc4b6c27aba65d227310c63f9b6505295d007a09cb33b1df254aec129216d3c08f907b14a2e7b55c9

    • SSDEEP

      1536:UIn/Zws3kTnvzbhNBPmxue2SRQg0dkEwiqoViojC5yRto3gDwZC5h9mDxOWO:UI/ZTkLfhjFSiO3oKmM6h98

    Score
    10/10
    stormkittycollectionstealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks