General
- Target: d6df76fe71f608385bb7cf4e45687cff3e39a746ef160bb4332b9938b344d6bb
- Size: 1.3MB
- Sample: 230129-v3gv2sha2t
- MD5: e16bc2f365ed3c906d77ce5cc4b2ef1d
- SHA1: dd2bbc391610f865c3b9a37444785c9860e8304d
- SHA256: d6df76fe71f608385bb7cf4e45687cff3e39a746ef160bb4332b9938b344d6bb
- SHA512: 4349e138c66168780de1031cef2028ff1e6f241de55ea4e71e46027e8af19f938fa19ad52b88bc1f0a343ce6912cc66e3eeac6f4f906995cca0459627a73b866
- SSDEEP: 24576:tewrB1O2DwUhJ3WrflUQI7XqTUlUnyKy0uysFyoy5PzMPpUsx8IsUD+Cp9sD2enY:MwN84J3Wr9UlzqAyC0uysUt5PzYUQxDh
Static task: static1
Behavioral task: behavioral1
- Sample: d6df76fe71f608385bb7cf4e45687cff3e39a746ef160bb4332b9938b344d6bb.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: d6df76fe71f608385bb7cf4e45687cff3e39a746ef160bb4332b9938b344d6bb.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: d6df76fe71f608385bb7cf4e45687cff3e39a746ef160bb4332b9938b344d6bb
- Score: 10/10
- StormKitty payload
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger