General
-
Target
SecuriteInfo.com.Variant.Strictor.275982.17204.7010
-
Size
666KB
-
Sample
221026-ja9jtafad8
-
MD5
21f93cfd5719b49dc5567768d441e190
-
SHA1
46af249ebd3f721b92fa350cf946f16752f208ec
-
SHA256
8c631258f16b062dbbc3c6de1c5d27b727e5c7375fdff993a252fdc98814376a
-
SHA512
106151c33f7162c44109d04b5fc6c70f62c4975e3e0e2834d0d272ecb7a9fc9ba7a071a682014e964554c1c2715ba8a77d828852d765ab7195ecf1a47cbad541
-
SSDEEP
12288:8aJcmptCO6D7zkoT+lqp/7Iu/O2ybZx9Y9rl7jjGHb:8aGOCZlT+lQTD/O3BArRCHb
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Variant.Strictor.275982.17204.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Variant.Strictor.275982.17204.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Variant.Strictor.275982.17204.7010
-
Size
666KB
-
MD5
21f93cfd5719b49dc5567768d441e190
-
SHA1
46af249ebd3f721b92fa350cf946f16752f208ec
-
SHA256
8c631258f16b062dbbc3c6de1c5d27b727e5c7375fdff993a252fdc98814376a
-
SHA512
106151c33f7162c44109d04b5fc6c70f62c4975e3e0e2834d0d272ecb7a9fc9ba7a071a682014e964554c1c2715ba8a77d828852d765ab7195ecf1a47cbad541
-
SSDEEP
12288:8aJcmptCO6D7zkoT+lqp/7Iu/O2ybZx9Y9rl7jjGHb:8aGOCZlT+lQTD/O3BArRCHb
-
StormKitty payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-