stormkitty | 75883a7761887acd7afab7f2acc4f48fe72ff32577397a3c6786ded83db1e57b | Triage

Submit
Reports

Overview

overview

Static

static

ChMetamask.exe

windows7-x64

ChMetamask.exe

windows10-2004-x64

Resubmissions

27-03-2023 10:22

230327-mepxrafa5v 10

04-01-2023 02:34

230104-c2x7jagh6t 10

04-01-2023 02:21

230104-cta22agh5v 10

Sharing

General

Target

ChMetamask.exe
Size

1.3MB
Sample

230104-cta22agh5v
MD5

e7529d32d963da6df89e3ffc6b14cd08
SHA1

4a11070ee8c0030ffdcf299e2b49d180e1890f57
SHA256

75883a7761887acd7afab7f2acc4f48fe72ff32577397a3c6786ded83db1e57b
SHA512

35c220822e24eb8d5b5fef18fd2b7f57b73ab61102632007af89bbe4b9eaca814e817adf6fb0a830c08928cb50e649cdb2da1c5550797ff4b1b377e9ffa99156
SSDEEP

24576:HWiMngrdePNzQ0ZIxNXaV9x4IUgs36BUI2So5+jnzFoCaGApu8L:qgReFs0ZM0T+Sk6BU7HIFo7G98L

Score

10^/10

stormkitty persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ChMetamask.exe

Resource

win7-20220901-en

stormkitty persistence spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ChMetamask.exe

Resource

win10v2004-20221111-en

stormkitty spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  ChMetamask.exe
- Size
  
  1.3MB
- MD5
  
  e7529d32d963da6df89e3ffc6b14cd08
- SHA1
  
  4a11070ee8c0030ffdcf299e2b49d180e1890f57
- SHA256
  
  75883a7761887acd7afab7f2acc4f48fe72ff32577397a3c6786ded83db1e57b
- SHA512
  
  35c220822e24eb8d5b5fef18fd2b7f57b73ab61102632007af89bbe4b9eaca814e817adf6fb0a830c08928cb50e649cdb2da1c5550797ff4b1b377e9ffa99156
- SSDEEP
  
  24576:HWiMngrdePNzQ0ZIxNXaV9x4IUgs36BUI2So5+jnzFoCaGApu8L:qgReFs0ZM0T+Sk6BU7HIFo7G98L
Score

10^/10

stormkitty persistence spyware stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

stormkittypersistencespywarestealer

behavioral2

stormkittyspywarestealer

© 2018-2024

Terms | Privacy