stormkitty | 5d98c3afedbff733afeabec59003a7a952d2e09fd5179fa71d0745454ee59699 | Triage

Submit
Reports

Overview

overview

Static

static

Raccoon St...er.exe

windows7-x64

Raccoon St...er.exe

windows10-2004-x64

Sharing

General

Target

Raccoon Stealer Builder.exe
Size

239KB
Sample

230131-bs9crsff7t
MD5

0de94fc3e5f5e0e34d26abef5d3d6d2b
SHA1

23c26448be63a797e4b0166d6919ae9402aba6cc
SHA256

5d98c3afedbff733afeabec59003a7a952d2e09fd5179fa71d0745454ee59699
SHA512

bf6b2cfae5819c84e75bfb30193038d21fae0fdef82f91251bef904940bf8a866ad0ddd97980548400b83c08b0d4622b1f7a3f852b087d13a4f925ffe339950b
SSDEEP

3072:7+bZPfpKU+oF9a3voehFxtyI75ytEa+LFFCxge1nw1TV/oOWk:abpfpKU+u9obr70+ZmgoOWk

Score

10^/10

stormkitty persistence stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Raccoon Stealer Builder.exe

Resource

win7-20221111-en

stormkitty persistence stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Raccoon Stealer Builder.exe

Resource

win10v2004-20220812-en

stormkitty stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  Raccoon Stealer Builder.exe
- Size
  
  239KB
- MD5
  
  0de94fc3e5f5e0e34d26abef5d3d6d2b
- SHA1
  
  23c26448be63a797e4b0166d6919ae9402aba6cc
- SHA256
  
  5d98c3afedbff733afeabec59003a7a952d2e09fd5179fa71d0745454ee59699
- SHA512
  
  bf6b2cfae5819c84e75bfb30193038d21fae0fdef82f91251bef904940bf8a866ad0ddd97980548400b83c08b0d4622b1f7a3f852b087d13a4f925ffe339950b
- SSDEEP
  
  3072:7+bZPfpKU+oF9a3voehFxtyI75ytEa+LFFCxge1nw1TV/oOWk:abpfpKU+u9obr70+ZmgoOWk
Score

10^/10

stormkitty persistence stealer
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

stormkittypersistencestealer

behavioral2

stormkittystealer

© 2018-2024

Terms | Privacy