stormkitty | e7160af1cb0c41b98220178ee42349607b60f857dfe22df36bb87540a8543254 | Triage

Submit
Reports

Overview

overview

Static

static

Test.exe

windows7-x64

Test.exe

windows10-1703-x64

Test.exe

windows10-2004-x64

Resubmissions

06/11/2022, 15:34

221106-szq87shdc2 10

06/11/2022, 15:29

221106-sw2krsbdeq 10

06/11/2022, 15:12

221106-slapasgfe9 10

Sharing

Copy URL Twitter E-mail

General

Target

Test.exe
Size

83KB
Sample

221106-szq87shdc2
MD5

0610c1d84bd8e21dac0c7b2ed2ffdeb8
SHA1

11f1ed82944b618de66dd007d7ce84121ad71923
SHA256

e7160af1cb0c41b98220178ee42349607b60f857dfe22df36bb87540a8543254
SHA512

9aebab09946fdcdd7713addaad1fd48832aca734f45717f89076759cd0eac54bf0366a8662d3c0412bc5a2025dd60b91c83358e44e2d74b920644a86eb4044fd
SSDEEP

1536:nAMfrTX01OrGpRZNdbv66Claewnph6Nu3qdMzT8wH2bOKjpcbf9bPNZVBfxjDkOW:SDewnphb5wr6f9bfDhDkOen

Score

10^/10

stormkitty persistence stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Test.exe

Resource

win7-20220812-en

stormkitty persistence stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Test.exe

Resource

win10-20220812-en

stormkitty persistence stealer

windows10-1703-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

Test.exe

Resource

win10v2004-20220812-en

stormkitty persistence stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  Test.exe
- Size
  
  83KB
- MD5
  
  0610c1d84bd8e21dac0c7b2ed2ffdeb8
- SHA1
  
  11f1ed82944b618de66dd007d7ce84121ad71923
- SHA256
  
  e7160af1cb0c41b98220178ee42349607b60f857dfe22df36bb87540a8543254
- SHA512
  
  9aebab09946fdcdd7713addaad1fd48832aca734f45717f89076759cd0eac54bf0366a8662d3c0412bc5a2025dd60b91c83358e44e2d74b920644a86eb4044fd
- SSDEEP
  
  1536:nAMfrTX01OrGpRZNdbv66Claewnph6Nu3qdMzT8wH2bOKjpcbf9bPNZVBfxjDkOW:SDewnphb5wr6f9bfDhDkOen
Score

10^/10

stormkitty persistence stealer
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittypersistencestealer

behavioral2

stormkittypersistencestealer

behavioral3

stormkittypersistencestealer

© 2018-2025

Terms | Privacy