stormkitty | 58d10ab32005fe9f5bca2f8c933af8c89a43a1f49e934f26df9f8a48068ea0b5 | Triage

Submit
Reports

Overview

overview

Static

static

diamond spoofer.exe

windows10-2004-x64

Sharing

General

Target

diamond spoofer.exe
Size

3.9MB
Sample

230201-y9s4fadg7y
MD5

e5b42dbabb058b30f7fcc8a0a2050452
SHA1

9ec11afec660f1e4baed9c764e7995bf755c2011
SHA256

58d10ab32005fe9f5bca2f8c933af8c89a43a1f49e934f26df9f8a48068ea0b5
SHA512

f6199e85ae115650d1c01f4d7bb888701757399611a37b03a9c53100acd8b142ec00ea98bbdca75ef1b8ee9a03043c1ce1566874645f8c3606c75bd55f9b1e23
SSDEEP

98304:y0T+Srp3YVrsk9N8ivyhAdsPSQxhKnWJLXq0f4ogdCyb:xfSVN8iNISOvJzqwU

Score

10^/10

stormkitty spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

diamond spoofer.exe

Resource

win10v2004-20220901-en

stormkitty spyware stealer

windows10-2004-x64

13 signatures

300 seconds

Malware Config

Targets

- Target
  
  diamond spoofer.exe
- Size
  
  3.9MB
- MD5
  
  e5b42dbabb058b30f7fcc8a0a2050452
- SHA1
  
  9ec11afec660f1e4baed9c764e7995bf755c2011
- SHA256
  
  58d10ab32005fe9f5bca2f8c933af8c89a43a1f49e934f26df9f8a48068ea0b5
- SHA512
  
  f6199e85ae115650d1c01f4d7bb888701757399611a37b03a9c53100acd8b142ec00ea98bbdca75ef1b8ee9a03043c1ce1566874645f8c3606c75bd55f9b1e23
- SSDEEP
  
  98304:y0T+Srp3YVrsk9N8ivyhAdsPSQxhKnWJLXq0f4ogdCyb:xfSVN8iNISOvJzqwU
Score

10^/10

stormkitty spyware stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

stormkittyspywarestealer

© 2018-2024

Terms | Privacy