stormkitty | Linq4me[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Linq4me.exe
Size

79KB
MD5

113dea4ec68bb1e2a9f19b33c1964ab1
SHA1

c11816299b9a1dd2092e3fa3628ea205e368a1ec
SHA256

922aa1bf1ccc41c0ba9a4cd57a6e8da6ec57ad27d16a860885fddf0e3d1979e1
SHA512

a1b84a212da74cf82ac7e343955bddd7121418f017e3fdadf8270bbc0ece3240c8e2f62adfae007fdfef8601ead9302a36fdda64243934392523e12f8004886d
SSDEEP

1536:zSY3GFvpAVy0/AvJj/gwbIBpxxIuNW5OVvzxVd5DByUwyv+uo:+FVvJ+7xbEAB9Vd5gb7

Score

10^/10

stormkitty

Malware Config

Signatures

StormKitty payload 1 IoCs

resource	yara_rule
sample	family_stormkitty

Stormkitty family
stormkitty

Files

Linq4me.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ