stormkitty | 2db66ebbd69fe69cc70dea0f98926942f4585dd37cdd13eb4d9232697fffecc6 | Triage

Submit
Reports

Overview

overview

Static

static

04.exe

windows7-x64

04.exe

windows10-2004-x64

Sharing

General

Target

04.exe
Size

310KB
Sample

230322-ry481ahc97
MD5

0443c3768dca6ea9419f767010c6d81e
SHA1

74ccd8aa523196622935ab9ebc16bf2fdffee925
SHA256

2db66ebbd69fe69cc70dea0f98926942f4585dd37cdd13eb4d9232697fffecc6
SHA512

515c5765a237a3f510323f930f56fa2be20c5ef8c4e94c2c1915ea1b4e8cbac06d30511f76614ae9da948c028aa1fe8130b6ddd16a808ce4588fd60d40523a52
SSDEEP

6144:NLbzaxqIKiP92WnTHuGI2esp2mtMviKdrmJR5tkhjMOBQmUElN:dbza19c0LHNzp2mtEiUrmMXQmb

Score

10^/10

stormkitty collection spyware stealer vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

04.exe

Resource

win7-20230220-en

stormkitty stealer vmprotect

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

04.exe

Resource

win10v2004-20230221-en

stormkitty collection spyware stealer vmprotect

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  04.exe
- Size
  
  310KB
- MD5
  
  0443c3768dca6ea9419f767010c6d81e
- SHA1
  
  74ccd8aa523196622935ab9ebc16bf2fdffee925
- SHA256
  
  2db66ebbd69fe69cc70dea0f98926942f4585dd37cdd13eb4d9232697fffecc6
- SHA512
  
  515c5765a237a3f510323f930f56fa2be20c5ef8c4e94c2c1915ea1b4e8cbac06d30511f76614ae9da948c028aa1fe8130b6ddd16a808ce4588fd60d40523a52
- SSDEEP
  
  6144:NLbzaxqIKiP92WnTHuGI2esp2mtMviKdrmJR5tkhjMOBQmUElN:dbza19c0LHNzp2mtEiUrmMXQmb
Score

10^/10

stormkitty stealer vmprotect collection spyware
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Downloads MZ/PE file
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

stormkittystealervmprotect

behavioral2

stormkittycollectionspywarestealervmprotect

© 2018-2024

Terms | Privacy