Analysis

  • max time kernel
    55s
  • max time network
    62s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31-03-2023 05:28

General

  • Target

    stub/stub4.5.exe

  • Size

    251KB

  • MD5

    787c59882e9b7c46a800f44f6bb56a52

  • SHA1

    92bfffef47597329479dd636d8aa0613740a7e6f

  • SHA256

    3897171f1a25fa0d42e7658b72479e2089dbb51ad36658f2481326f4a9c13544

  • SHA512

    282ba558ef4adf6e011233919389f5a7936b955621062fc9169eb72f83b307bdc4707fa5dec7550658ebbb097f20159e5458722c6c829840e504792ac068438e

  • SSDEEP

    6144:tpksnd7X45m9bQf3FcSEuNYnMuBAnLzuyvwWoSF:t2snJihFEuNYB8z1wWo4

Score
10/10

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

  • StormKitty payload 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Delays execution with timeout.exe 1 IoCs
  • Kills process with taskkill 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\stub\stub4.5.exe
    "C:\Users\Admin\AppData\Local\Temp\stub\stub4.5.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3736
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp74B8.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp74B8.tmp.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4488
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:3448
        • C:\Windows\system32\taskkill.exe
          TaskKill /F /IM 3736
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2084
        • C:\Windows\system32\timeout.exe
          Timeout /T 2 /Nobreak
          3⤵
          • Delays execution with timeout.exe
          PID:400

Network

MITRE ATT&CK Enterprise v6

Downloads

    • C:\Users\Admin\AppData\Local\Temp\tmp74B8.tmp.bat
      Filesize

      119B

      MD5

      5983cc5db026a789a707f72613e5d20e

      SHA1

      d9c1d28261c1b4f2d48acdc8b3b7f5b1da16de7a

      SHA256

      e7076b1cb85dafb72384bb5416daa9e11c87529a6ce7d814f77b8068e79776e1

      SHA512

      f495e71351c6d132efbc87a8c5a23ef3dadd077b7cc9f997c7ff8aee7091d28e1aa8a72be81949ff4481d453815bc7b5ec236e8939908c4192b8b41f7945a7eb

    • memory/3736-133-0x000002135A2F0000-0x000002135A334000-memory.dmp
      Filesize

      272KB

    • memory/3736-135-0x00000213754C0000-0x00000213754D0000-memory.dmp
      Filesize

      64KB