General

Target: 04.exe
Size: 310KB
Sample: 230322-ry5jrsbc3z
MD5: 0443c3768dca6ea9419f767010c6d81e
SHA1: 74ccd8aa523196622935ab9ebc16bf2fdffee925
SHA256: 2db66ebbd69fe69cc70dea0f98926942f4585dd37cdd13eb4d9232697fffecc6
SHA512: 515c5765a237a3f510323f930f56fa2be20c5ef8c4e94c2c1915ea1b4e8cbac06d30511f76614ae9da948c028aa1fe8130b6ddd16a808ce4588fd60d40523a52
SSDEEP: 6144:NLbzaxqIKiP92WnTHuGI2esp2mtMviKdrmJR5tkhjMOBQmUElN:dbza19c0LHNzp2mtEiUrmMXQmb

Behavioral task: behavioral1
Sample: 04.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 04.exe
Resource: win10v2004-20230220-en

Malware Config
Targets
Target: 04.exe
Score: 10/10

StormKitty payload

Downloads MZ/PE file

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Accesses Microsoft Outlook profiles

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.