Resubmissions

02-08-2023 14:31

230802-rvrhqsgb8w 10

02-08-2023 14:17

230802-rlpyjsgb5x 10

General

  • Target

    https://disk.yandex.ru/d/P8MvK0kCBDJ3Pg

  • Sample

    230802-rvrhqsgb8w

Score
10/10

Targets

    • Target

      https://disk.yandex.ru/d/P8MvK0kCBDJ3Pg

    Score
    10/10

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Downloads MZ/PE file

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
