Overview

overview

10

Static

static

10

Bunifu.Licensing.dll

windows10-2004-x64

1

Bunifu.UI....on.dll

windows10-2004-x64

1

Bunifu.UI....ox.dll

windows10-2004-x64

1

Bunifu.UI....el.dll

windows10-2004-x64

1

Bunifu.UI....el.dll

windows10-2004-x64

1

Bunifu.UI....el.dll

windows10-2004-x64

1

Bunifu.UI....ox.dll

windows10-2004-x64

1

Bunifu.UI....el.dll

windows10-2004-x64

1

Bunifu.UI....ox.dll

windows10-2004-x64

1

DragAssembly.dll

windows10-2004-x64

1

Mono.Cecil.Mdb.dll

windows10-2004-x64

1

Mono.Cecil.Pdb.dll

windows10-2004-x64

1

Mono.Cecil.Rocks.dll

windows10-2004-x64

1

Mono.Cecil.dll

windows10-2004-x64

1

Prynt Stea...ed.exe

windows10-2004-x64

10

Siticone.UI.dll

windows10-2004-x64

1

stub/DotNetZip.dll

windows10-2004-x64

1

stub/DotNetZip_.dll

windows10-2004-x64

1

stub/build.exe

windows10-2004-x64

10

stub/stub4.5.1.exe

windows10-2004-x64

10

stub/stub4.5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    52s
  • max time network
    56s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-03-2023 05:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    stub/stub4.5.1.exe

  • Size

    251KB

  • MD5

    7eea56ea4822ec3da3e86362c32e9304

  • SHA1

    ab8a0d7fd81bb61a63c8caeb52081da2fb3e5709

  • SHA256

    3e383968fbdd567bb56c293837fd2965615246f40b95876a0ff954b06b34b40c

  • SHA512

    61bd378e682519bbfc8dd33fb83865fb9a0e36fb9b1b086593a619992fd6480791d51e4a256f67a31394c6a67db1a5a2e8ee16c3b983c4734288834f9d3a3b57

  • SSDEEP

    6144:gpksnd7L4+m9bQfDFcSEuNYnMuBAnLzuyvwWoSF:g2snJ51FEuNYB8z1wWo4

Score
10/10
stormkittystealer

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\stub\stub4.5.1.exe
    "C:\Users\Admin\AppData\Local\Temp\stub\stub4.5.1.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpC73D.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpC73D.tmp.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1812
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:3736
        • C:\Windows\system32\taskkill.exe
          TaskKill /F /IM 2756
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4448
        • C:\Windows\system32\timeout.exe
          Timeout /T 2 /Nobreak
          3⤵
          • Delays execution with timeout.exe
          PID:4632

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\tmpC73D.tmp.bat
      Filesize

      121B

      MD5

      537e78fc78e60c75dc5c29523ba9bcc4

      SHA1

      ca5fead3a59754e9db49c74ec1450f7972a04ec6

      SHA256

      6eb8941b5ccdc7f80936bd0789c4f2d938e2c17c5f1b322e982c660a31e75685

      SHA512

      1cbbfbeeca9d647d1d06b000e7ec74b6eab7943402c8da2d16c3164374c7cba5a0c472e71b008d727d00ab0103cf2b02c73d487ed316feb7e33a82c6c7bd7323

      Download Submit

    • memory/2756-133-0x0000022ABBFE0000-0x0000022ABC024000-memory.dmp

      Filesize

      272KB

      Download

    • memory/2756-135-0x0000022AD72D0000-0x0000022AD72E0000-memory.dmp

      Filesize

      64KB

      Download