stormkitty | 10e4f69c6745f8eaeda8a3613b8e2b55464d21fb9cf02f0eb7cbc43249b6eb84 | Triage

Submit
Reports

Overview

overview

Static

static

Estado_de_...28.exe

windows10-2004-x64

Sharing

General

Target

Estado_de_Cargamentos_811012912_Impo_2020-10-05_28.exe
Size

417KB
Sample

230111-v3f9hshe6z
MD5

c341650f3a569533323481112df0723f
SHA1

aa4b26f749015b2fbcba6c5c4d7cd46f409d1e68
SHA256

10e4f69c6745f8eaeda8a3613b8e2b55464d21fb9cf02f0eb7cbc43249b6eb84
SHA512

23169c3002a29c89e495072f95948d701f5d040a7d0989e8cde008a83119de10272156bb87e2cb486751122c045b5c92394f1270bb24e1a421c08424a570ec8f
SSDEEP

12288:f8YUsnFTdCQodGoIwRDu+hDgYMY4429xficN:f8YzCZ1Ikq+hEjGwxj

Score

10^/10

stormkitty stealer vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Estado_de_Cargamentos_811012912_Impo_2020-10-05_28.exe

Resource

win10v2004-20220812-es

stormkitty stealer vmprotect

windows10-2004-x64

16 signatures

300 seconds

Malware Config

Targets

- Target
  
  Estado_de_Cargamentos_811012912_Impo_2020-10-05_28.exe
- Size
  
  417KB
- MD5
  
  c341650f3a569533323481112df0723f
- SHA1
  
  aa4b26f749015b2fbcba6c5c4d7cd46f409d1e68
- SHA256
  
  10e4f69c6745f8eaeda8a3613b8e2b55464d21fb9cf02f0eb7cbc43249b6eb84
- SHA512
  
  23169c3002a29c89e495072f95948d701f5d040a7d0989e8cde008a83119de10272156bb87e2cb486751122c045b5c92394f1270bb24e1a421c08424a570ec8f
- SSDEEP
  
  12288:f8YUsnFTdCQodGoIwRDu+hDgYMY4429xficN:f8YzCZ1Ikq+hEjGwxj
Score

10^/10

stormkitty stealer vmprotect
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Downloads MZ/PE file
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

stormkittystealervmprotect

© 2018-2024

Terms | Privacy