General
-
Target
1a.exe
-
Size
1.4MB
-
Sample
221123-mxtnnafc66
-
MD5
80467b17d18000d6fab38846004e81ea
-
SHA1
1ffbeeeb77a563e7068cbd85c5d2ee2423e01017
-
SHA256
1aa7b910d99ef87d29be0bc96c4cf3a2823fea04fafd2a4b736c1156d73b2bb0
-
SHA512
8ca8ddd7609afa50c15927aec910e9a077ffc89aa213d4f3a0bd4c2be7d7e5f4374a06cb58f0f726715e867376f08fbbea16c32ea1286e4b832b496b6d7a42e9
-
SSDEEP
24576:CofiMngrdePNzQ0ZIxNXaV9x4IUgs36BUI2So5+jnzFYCaGApu8:7TgReFs0ZM0T+Sk6BU7HIFY7G98
Malware Config
Targets
-
-
Target
1a.exe
-
Size
1.4MB
-
MD5
80467b17d18000d6fab38846004e81ea
-
SHA1
1ffbeeeb77a563e7068cbd85c5d2ee2423e01017
-
SHA256
1aa7b910d99ef87d29be0bc96c4cf3a2823fea04fafd2a4b736c1156d73b2bb0
-
SHA512
8ca8ddd7609afa50c15927aec910e9a077ffc89aa213d4f3a0bd4c2be7d7e5f4374a06cb58f0f726715e867376f08fbbea16c32ea1286e4b832b496b6d7a42e9
-
SSDEEP
24576:CofiMngrdePNzQ0ZIxNXaV9x4IUgs36BUI2So5+jnzFYCaGApu8:7TgReFs0ZM0T+Sk6BU7HIFY7G98
Score10/10-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-