General
-
Target
15af2fdf73ac8bc398d07675eabc217a558ce7d419dbb41d07bd9db94c3e8b73
-
Size
337KB
-
Sample
230417-twkgxsfb46
-
MD5
9bec6e35675d3581a3fa59af2533cb13
-
SHA1
d852f6167f087c1b0f37712999fb6e906308eaa1
-
SHA256
15af2fdf73ac8bc398d07675eabc217a558ce7d419dbb41d07bd9db94c3e8b73
-
SHA512
b33c6403f5dc003726a09edb9927f5efa826fa95f0f3a867c1b3dd74a4729e735aea3eab8e188e7fc1a2903132deedb38bb1426a86459481a4bbeafcc7a2d56b
-
SSDEEP
6144:Ovy4fJ3HCbMfX5SJhg7aQJeCK3uiGCqhJQk/0qcZZ4uO3h5334fP+Imq:d4h3Whg7aQJeCerGdhj/0nZ8f4fWN
Malware Config
Targets
-
-
Target
15af2fdf73ac8bc398d07675eabc217a558ce7d419dbb41d07bd9db94c3e8b73
-
Size
337KB
-
MD5
9bec6e35675d3581a3fa59af2533cb13
-
SHA1
d852f6167f087c1b0f37712999fb6e906308eaa1
-
SHA256
15af2fdf73ac8bc398d07675eabc217a558ce7d419dbb41d07bd9db94c3e8b73
-
SHA512
b33c6403f5dc003726a09edb9927f5efa826fa95f0f3a867c1b3dd74a4729e735aea3eab8e188e7fc1a2903132deedb38bb1426a86459481a4bbeafcc7a2d56b
-
SSDEEP
6144:Ovy4fJ3HCbMfX5SJhg7aQJeCK3uiGCqhJQk/0qcZZ4uO3h5334fP+Imq:d4h3Whg7aQJeCerGdhj/0nZ8f4fWN
Score10/10-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-