stormkitty | NitroGen V15[.]exe | Triage

Sharing

General

Target

NitroGen V15.exe
Size

4.0MB
MD5

4fdc85ca0f6c4fe9f3d91e20e43ee0f5
SHA1

eb42f4532e9e3b156acebfa2cda0dcd8373f10d7
SHA256

ad19b8b4bbe705b4733357bfe3c38d99e6d77aff57e7830e2e4bc473efa44ae0
SHA512

32d4f5a4fd3a902d2d3f75133c093c1999c44f249e38051253d55c63690316edfa19ecf9e9792804afc5a756cefa442fb27fd289b5c0772ce9f06c442b94d9be
SSDEEP

98304:H0T+Srp3YVrsk9N8ivyhAdsPSQxLxsnWJLXq0f4ogdCybSKCtm5jKPmNn1c:GfSVN8iNISOlJzqwU6K4

Score

10^/10

stormkitty

Malware Config

Signatures

Nirsoft 1 IoCs

Processes:

resource yara_rule

sample Nirsoft
StormKitty payload 1 IoCs

Processes:

resource yara_rule

sample family_stormkitty
Stormkitty family
stormkitty
NirSoft WebBrowserPassView 1 IoCs
Password recovery tool for various web browsers

Processes:

resource yara_rule

sample WebBrowserPassView

Files

NitroGen V15.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ