stormkitty | ad19b8b4bbe705b4733357bfe3c38d99e6d77aff57e7830e2e4bc473efa44ae0 | Triage

Submit
Reports

Overview

overview

Static

static

NitroGen V15.exe

windows10-2004-x64

Sharing

General

Target

NitroGen V15.exe
Size

4.0MB
Sample

230205-vygz9adf4w
MD5

4fdc85ca0f6c4fe9f3d91e20e43ee0f5
SHA1

eb42f4532e9e3b156acebfa2cda0dcd8373f10d7
SHA256

ad19b8b4bbe705b4733357bfe3c38d99e6d77aff57e7830e2e4bc473efa44ae0
SHA512

32d4f5a4fd3a902d2d3f75133c093c1999c44f249e38051253d55c63690316edfa19ecf9e9792804afc5a756cefa442fb27fd289b5c0772ce9f06c442b94d9be
SSDEEP

98304:H0T+Srp3YVrsk9N8ivyhAdsPSQxLxsnWJLXq0f4ogdCybSKCtm5jKPmNn1c:GfSVN8iNISOlJzqwU6K4

Score

10^/10

stormkitty spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

NitroGen V15.exe

Resource

win10v2004-20220812-en

stormkitty spyware stealer

windows10-2004-x64

14 signatures

1800 seconds

Malware Config

Targets

- Target
  
  NitroGen V15.exe
- Size
  
  4.0MB
- MD5
  
  4fdc85ca0f6c4fe9f3d91e20e43ee0f5
- SHA1
  
  eb42f4532e9e3b156acebfa2cda0dcd8373f10d7
- SHA256
  
  ad19b8b4bbe705b4733357bfe3c38d99e6d77aff57e7830e2e4bc473efa44ae0
- SHA512
  
  32d4f5a4fd3a902d2d3f75133c093c1999c44f249e38051253d55c63690316edfa19ecf9e9792804afc5a756cefa442fb27fd289b5c0772ce9f06c442b94d9be
- SSDEEP
  
  98304:H0T+Srp3YVrsk9N8ivyhAdsPSQxLxsnWJLXq0f4ogdCybSKCtm5jKPmNn1c:GfSVN8iNISOlJzqwU6K4
Score

10^/10

stormkitty spyware stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

stormkittyspywarestealer

© 2018-2024

Terms | Privacy