General
Target: 7e8cb2531d08a6c664969bcbecbdb946fd7e3088ee8a3b4dab805536bf026571
Size: 534KB
Sample: 221026-tn7mgsgcek
MD5: 059ad08d9e8eef31013b815016bf2c50
SHA1: ec7aca3235e337104cae18b08519445907e33400
SHA256: 7e8cb2531d08a6c664969bcbecbdb946fd7e3088ee8a3b4dab805536bf026571
SHA512: 5f496575852ca180ca92df1aeaa221613259d1666936c37602f5ca605a24b8dc3394cb0323683bfef257f9b71e9235984482482df237afe4cf59ed232a30ff68
SSDEEP: 12288:lnC3ziKYs6O6D7zkoT+lqp/7Iu/O2ybZx9Y9rl7jjGH1:ln5KYs6ZlT+lQTD/O3BArRCH1
Static task: static1
Behavioral task: behavioral1
  Sample: 7e8cb2531d08a6c664969bcbecbdb946fd7e3088ee8a3b4dab805536bf026571.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 7e8cb2531d08a6c664969bcbecbdb946fd7e3088ee8a3b4dab805536bf026571.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 7e8cb2531d08a6c664969bcbecbdb946fd7e3088ee8a3b4dab805536bf026571
- StormKitty payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext