stormkitty | 953b70a254e916b3f3c243b724e86ad7089e5683958e8b7ea743efd4c374a269 | Triage

Submit
Reports

Overview

overview

Static

static

mods menu gta.exe

windows10-1703-x64

mods menu gta.exe

windows7-x64

mods menu gta.exe

windows10-2004-x64

Sharing

General

Target

mods menu gta.exe
Size

1.1MB
Sample

230119-n3lqnscg6y
MD5

7615fb83ceebb11399c16d37c2fa44a9
SHA1

d1b4659e1bdb35d0608fe4a977eb34e09ac94725
SHA256

953b70a254e916b3f3c243b724e86ad7089e5683958e8b7ea743efd4c374a269
SHA512

acf7d1f8c139fad7a755bde5bf0cc481b936c538c55f44799a7802d4a4e82a90a9533c61ba9e6f3d97c117f7f739f1c75d078e963ad5df7280d1e1a850057c3f
SSDEEP

24576:ZoNNXaV9x4IUgs36BUI2So5+jnzFoCaGApu84:Ze0T+Sk6BU7HIFo7G98

Score

10^/10

stormkitty spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

mods menu gta.exe

Resource

win10-20220812-en

stormkitty spyware stealer

windows10-1703-x64

7 signatures

120 seconds

Behavioral task

behavioral2

Sample

mods menu gta.exe

Resource

win7-20221111-en

stormkitty spyware stealer

windows7-x64

8 signatures

120 seconds

Behavioral task

behavioral3

Sample

mods menu gta.exe

Resource

win10v2004-20220901-en

stormkitty spyware stealer

windows10-2004-x64

7 signatures

120 seconds

Malware Config

Targets

- Target
  
  mods menu gta.exe
- Size
  
  1.1MB
- MD5
  
  7615fb83ceebb11399c16d37c2fa44a9
- SHA1
  
  d1b4659e1bdb35d0608fe4a977eb34e09ac94725
- SHA256
  
  953b70a254e916b3f3c243b724e86ad7089e5683958e8b7ea743efd4c374a269
- SHA512
  
  acf7d1f8c139fad7a755bde5bf0cc481b936c538c55f44799a7802d4a4e82a90a9533c61ba9e6f3d97c117f7f739f1c75d078e963ad5df7280d1e1a850057c3f
- SSDEEP
  
  24576:ZoNNXaV9x4IUgs36BUI2So5+jnzFoCaGApu84:Ze0T+Sk6BU7HIFo7G98
Score

10^/10

stormkitty spyware stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

stormkittyspywarestealer

behavioral2

stormkittyspywarestealer

behavioral3

stormkittyspywarestealer

© 2018-2024

Terms | Privacy