stormkitty | 5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9 | Triage

Submit
Reports

Overview

overview

Static

static

5fa6364cf8...d9.exe

windows7-x64

1

5fa6364cf8...d9.exe

windows10-2004-x64

Sharing

General

Target

5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9
Size

2.0MB
Sample

230129-x7acwacc9v
MD5

9f6db8aa43ccb18c8252f57b5b0268cf
SHA1

01c573bede38b1aa8941399c8f9dc9a98ef875b0
SHA256

5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9
SHA512

30f86c857a0028739ef45ea68bf2af6e4cad9e8910e7fec3ad527bf70b3aab504575298643c2092cfb2038cb7237759c45265750af7d83332bdd5edddbfc8d4d
SSDEEP

24576:NTGaRYQw6hNNpH05r8tLYXFkHMpg4JW1xXeMWrJPQTnKapyODtimr:N/TkLkeg4w/XYP0nrftiw

Score

10^/10

stormkitty collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9.exe

Resource

win7-20221111-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9.exe

Resource

win10v2004-20221111-en

stormkitty collection spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9
- Size
  
  2.0MB
- MD5
  
  9f6db8aa43ccb18c8252f57b5b0268cf
- SHA1
  
  01c573bede38b1aa8941399c8f9dc9a98ef875b0
- SHA256
  
  5fa6364cf830ce6501268bf342316c53300fdae27bd852acddc74c77ecf8ced9
- SHA512
  
  30f86c857a0028739ef45ea68bf2af6e4cad9e8910e7fec3ad527bf70b3aab504575298643c2092cfb2038cb7237759c45265750af7d83332bdd5edddbfc8d4d
- SSDEEP
  
  24576:NTGaRYQw6hNNpH05r8tLYXFkHMpg4JW1xXeMWrJPQTnKapyODtimr:N/TkLkeg4w/XYP0nrftiw
Score

10^/10

stormkitty collection spyware stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

stormkittycollectionspywarestealer

© 2018-2024

Terms | Privacy