stormkitty | 4ad372e2eadd9de51da7cd1e4[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4ad372e2eadd9de51da7cd1e4.bin
Size

36KB
MD5

bae6b079f3125dfc9ba59997fe0c4d9f
SHA1

3013927da8f140d113c8d481598473e72ddf2111
SHA256

88f071219e1a8e4261b3e2422f8be1be3bbe26c3fefd9fcddfb28abfc824416e
SHA512

fa5d63db654bc80abbc2d2cde0f04183c4e6ff6bab71154fd616b9df1b02624ef5f286ea4f83b109c8cafe0dd9dc635b22fb08b11701007028971f664b800b25
SSDEEP

768:GXMP64RaK1f2Rif57lNv3IyW/SGSAgeu/f7wqa:Gc6WkIf574gjwqa

Score

10^/10

stormkitty

Malware Config

Signatures

StormKitty payload 1 IoCs

resource	yara_rule
static1/unpack001/d0bd9a949008bd7b53aaf93d628840d3f838f2c2e5dcd44646e7cf90e2da17d3.exe	family_stormkitty

Stormkitty family
stormkitty

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d0bd9a949008bd7b53aaf93d628840d3f838f2c2e5dcd44646e7cf90e2da17d3.exe

Files

4ad372e2eadd9de51da7cd1e4.bin
.zip

Password: infected
d0bd9a949008bd7b53aaf93d628840d3f838f2c2e5dcd44646e7cf90e2da17d3.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ