stormkitty | e63552d73d02f789f33f835be4dd16fe9f682928277d6d4cff750a8a7ca66380 | Triage

Submit
Reports

Overview

overview

Static

static

e63552d73d...80.exe

windows7-x64

e63552d73d...80.exe

windows10-2004-x64

Sharing

General

Target

e63552d73d02f789f33f835be4dd16fe9f682928277d6d4cff750a8a7ca66380
Size

5.2MB
Sample

230129-wp7d8ahh2v
MD5

5def491d2cc25c24765d897843226210
SHA1

b00494f3ccfa755e397cc612ed5950443adb6829
SHA256

e63552d73d02f789f33f835be4dd16fe9f682928277d6d4cff750a8a7ca66380
SHA512

443c78b4b73c6eb616243e492e2a3f23a4f852176c8116301ff31165fea2fdd37f5b6decf5d57479b0601ebc1a52edc041f4508a1a8ef66603a9e96efc3564a4
SSDEEP

98304:8SE+g/0RG5QgPY4codEyupXapyNfmhlyDVdGuJej1EHy77sxYvrBEyNPjuchp0q+:dg/0RG5+oI6S+mD0osAxYvraiaC2qa4K

Score

10^/10

stormkitty collection discovery spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

e63552d73d02f789f33f835be4dd16fe9f682928277d6d4cff750a8a7ca66380.exe

Resource

win7-20220812-en

stormkitty collection discovery spyware stealer upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

e63552d73d02f789f33f835be4dd16fe9f682928277d6d4cff750a8a7ca66380.exe

Resource

win10v2004-20220812-en

stormkitty collection discovery spyware stealer upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  e63552d73d02f789f33f835be4dd16fe9f682928277d6d4cff750a8a7ca66380
- Size
  
  5.2MB
- MD5
  
  5def491d2cc25c24765d897843226210
- SHA1
  
  b00494f3ccfa755e397cc612ed5950443adb6829
- SHA256
  
  e63552d73d02f789f33f835be4dd16fe9f682928277d6d4cff750a8a7ca66380
- SHA512
  
  443c78b4b73c6eb616243e492e2a3f23a4f852176c8116301ff31165fea2fdd37f5b6decf5d57479b0601ebc1a52edc041f4508a1a8ef66603a9e96efc3564a4
- SSDEEP
  
  98304:8SE+g/0RG5QgPY4codEyupXapyNfmhlyDVdGuJej1EHy77sxYvrBEyNPjuchp0q+:dg/0RG5+oI6S+mD0osAxYvraiaC2qa4K
Score

10^/10

stormkitty collection discovery spyware stealer upx
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

stormkittycollectiondiscoveryspywarestealerupx

behavioral2

stormkittycollectiondiscoveryspywarestealerupx

© 2018-2024

Terms | Privacy