General

  • Target

    fbcad70631d25c84ce0248aff8f3c3754c9b6f44bc95e159477373dcd0244c40.exe

  • Size

    2.9MB

  • Sample

    230803-t3gdvaed57

  • MD5

    9bb4f8efcb4bd9f775cbf2bb124b52fa

  • SHA1

    293c86f7c01b2112acd8f501eb6bece4261c0c68

  • SHA256

    fbcad70631d25c84ce0248aff8f3c3754c9b6f44bc95e159477373dcd0244c40

  • SHA512

    7d5b92476685053d2ee690d09b548580ec828803eebd1863706bd93235ff94f2281bcfb16fb36ec8725220370377892e342f9948727de8b8a9b405029705cf0a

  • SSDEEP

    49152:yJCdNYoYW4IETrsgUvu9N8ivdKDhA+WsPP6QmUTftIsmNm/5XhG34AiROr2J3Y2D:yJYYVrsk9N8ivyhAdsPSQxgU11lwr2Jh

Malware Config

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks