General
-
Target
5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9
-
Size
2.0MB
-
Sample
230129-x7acwacc9v
-
MD5
9f6db8aa43ccb18c8252f57b5b0268cf
-
SHA1
01c573bede38b1aa8941399c8f9dc9a98ef875b0
-
SHA256
5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9
-
SHA512
30f86c857a0028739ef45ea68bf2af6e4cad9e8910e7fec3ad527bf70b3aab504575298643c2092cfb2038cb7237759c45265750af7d83332bdd5edddbfc8d4d
-
SSDEEP
24576:NTGaRYQw6hNNpH05r8tLYXFkHMpg4JW1xXeMWrJPQTnKapyODtimr:N/TkLkeg4w/XYP0nrftiw
Static task
static1
Behavioral task
behavioral1
Sample
5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9
-
Size
2.0MB
-
MD5
9f6db8aa43ccb18c8252f57b5b0268cf
-
SHA1
01c573bede38b1aa8941399c8f9dc9a98ef875b0
-
SHA256
5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9
-
SHA512
30f86c857a0028739ef45ea68bf2af6e4cad9e8910e7fec3ad527bf70b3aab504575298643c2092cfb2038cb7237759c45265750af7d83332bdd5edddbfc8d4d
-
SSDEEP
24576:NTGaRYQw6hNNpH05r8tLYXFkHMpg4JW1xXeMWrJPQTnKapyODtimr:N/TkLkeg4w/XYP0nrftiw
Score10/10-
StormKitty payload
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-