General

  • Target

    173041a84f38f3bd419a6993ff06c7c3e53bb763058036d4b25a047e190a50dbexe_JC.exe

  • Size

    460KB

  • Sample

    230803-s4xa1sfb3z

  • MD5

    c52d61f4527cea4f33072d9261c66e0d

  • SHA1

    e04686e3c845fa8dbeea70d2da18585abf4525b4

  • SHA256

    173041a84f38f3bd419a6993ff06c7c3e53bb763058036d4b25a047e190a50db

  • SHA512

    752d600987c2bac6cd9fb93dc19050b92d504572b32c096f14036904b115b272699eaaab6a2423966bb70aa1c20a264192b76b7149c3bc8f28b77aef6567dbd1

  • SSDEEP

    6144:czSo/d5hYVOJ0WTUcrVA+cSJdtyDvU1N/ZZ9wdI4e41R6/I02XCkQSxK8Y+xiSoI:wSpWIEigyY1N/ZZ741RB0FS

Malware Config

Targets

    • Target

      173041a84f38f3bd419a6993ff06c7c3e53bb763058036d4b25a047e190a50dbexe_JC.exe

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Downloads MZ/PE file

    • Deletes itself

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks