General

  • Target

    5527b09a684164d601e9fcdc900f44d1710f67f5830917f5f8b3b611b135090aexe_JC.exe

  • Size

    564KB

  • Sample

    230803-w13keafe42

  • MD5

    9b0183aaf76bb587e4f5feb7b3998831

  • SHA1

    20ff0827d7c82bb6361c0dd17c74e330170f3b96

  • SHA256

    5527b09a684164d601e9fcdc900f44d1710f67f5830917f5f8b3b611b135090a

  • SHA512

    e383ef51291beed9a6d512cca34b1cbbed4942d14a152b82cb4d660b45a41fe7e0b85306a7e9895a2a911abaf9202de80faf1b3fff97e232f8bae5e4b19c1035

  • SSDEEP

    12288:pjOtvHMm5xZT+tkxP848re63Kf/STAUX1jupSufXiEtv8JN:lOtT5xDVP8r5MIAUlSciXiAv8JN

Malware Config

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill entries.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
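
The "VMProtect packed file" signature above is a static check. The following is an added example, not code from this report or from the sandbox that produced it, showing how such a check can be reproduced offline: it walks the PE section table, looks for the `.vmpN` section names VMProtect writes, and measures per-section Shannon entropy as a second, name-independent packing indicator. The `build_pe` helper constructs a deliberately minimal PE image for testing only; it is not a real binary and nothing in it comes from the sample described on this page.

```python
import math
import struct

VMP_SECTION_PREFIX = b".vmp"   # VMProtect names its sections .vmp0, .vmp1, ...
HIGH_ENTROPY = 7.0             # bits per byte; compressed/encrypted data sits near 8.0


def shannon_entropy(blob: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or single-valued input)."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return [(name, raw_offset, raw_size), ...] from the PE section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    first = coff + 20 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, first + 40 * i)
        sections.append((name.rstrip(b"\0"), raw_ptr, raw_size))
    return sections


def vmprotect_indicators(pe: bytes) -> dict:
    """Combine the section-name check with an entropy check; names alone are trivially renamed."""
    vmp, dense = [], []
    for name, ptr, size in parse_sections(pe):
        label = name.decode("latin-1")
        if name.startswith(VMP_SECTION_PREFIX):
            vmp.append(label)
        ent = shannon_entropy(pe[ptr:ptr + size])
        if ent >= HIGH_ENTROPY:
            dense.append((label, round(ent, 2)))
    return {"vmprotect": bool(vmp), "vmp_sections": vmp, "high_entropy_sections": dense}


def build_pe(sections) -> bytes:
    """Constructed minimal PE for testing (hypothetical, not a runnable executable).
    sections: list of (name bytes, payload bytes)."""
    hdr_len = 0x40 + 4 + 20 + 40 * len(sections)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)  # no optional header
    headers, bodies = b"", b""
    for name, payload in sections:
        raw_ptr = hdr_len + len(bodies)
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(payload), 0x1000,
                               len(payload), raw_ptr, 0, 0, 0, 0, 0x60000020)
        bodies += payload
    return bytes(dos) + b"PE\0\0" + coff + headers + bodies


if __name__ == "__main__":
    # Constructed samples: a plain .text section and a VMProtect-style high-entropy section.
    packed = build_pe([(b".text", b"\x90" * 256), (b".vmp0", bytes(range(256)) * 16)])
    clean = build_pe([(b".text", b"\x90" * 256)])
    print(vmprotect_indicators(packed))
    print(vmprotect_indicators(clean))
```

Treat a `.vmp` section name as a strong but spoofable hint and the entropy figure as the corroborating signal; a packer that renames its sections still has to store dense data somewhere, while an unpacked binary with a large high-entropy resource section can trip the entropy check alone, so report both and let the analyst decide.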

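The three network signatures above ("Legitimate hosting services abused for malware hosting/C2", "Looks up external IP address via web service", "Looks up geolocation information via web service") share one detection mechanic: a process that is not a browser talks to a well-known public service. The following is an added example, not code from this report or from the sandbox, that runs that logic over constructed proxy log lines. The watchlist of service domains, the browser allowlist, the log line format and the process name `sample.exe` are all assumptions chosen for the illustration; none of them are taken from the sample's recorded traffic.

```python
import re
from collections import defaultdict

# Analyst-maintained watchlist (assumed for this example). Real lists are larger and change over time.
WATCHLIST = {
    "api.ipify.org": "external_ip_lookup",
    "icanhazip.com": "external_ip_lookup",
    "ifconfig.me": "external_ip_lookup",
    "ipinfo.io": "geolocation_lookup",
    "ip-api.com": "geolocation_lookup",
    "ipapi.co": "geolocation_lookup",
    "cdn.discordapp.com": "hosting_service",
    "pastebin.com": "hosting_service",
    "raw.githubusercontent.com": "hosting_service",
}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}   # browsers hitting these sites are normal

# Assumed proxy log format: timestamp host process destination path
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) (?P<dst>\S+) (?P<path>\S+)$")

# Constructed sample log; process and host names are hypothetical.
SAMPLE_LOG = """\
2023-08-03T10:12:01Z ws01 chrome.exe ipinfo.io /json
2023-08-03T10:12:05Z ws01 sample.exe api.ipify.org /?format=json
2023-08-03T10:12:06Z ws01 sample.exe ip-api.com /json/
2023-08-03T10:12:09Z ws01 sample.exe cdn.discordapp.com /attachments/1/2/update.bin
2023-08-03T10:13:00Z ws02 outlook.exe outlook.office365.com /owa
"""


def classify_host(dst: str):
    """Match the destination or any parent domain against the watchlist (never the bare TLD)."""
    labels = dst.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        category = WATCHLIST.get(".".join(labels[i:]))
        if category:
            return category
    return None


def flag_lookups(log_text: str):
    """Return (hits, per_process): every non-browser watchlist contact, plus categories per process."""
    hits = []
    per_process = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                          # tolerate malformed lines rather than abort
        category = classify_host(m["dst"])
        if category is None or m["proc"].lower() in BROWSERS:
            continue
        hits.append((m["host"], m["proc"], m["dst"], category))
        per_process[(m["host"], m["proc"])].add(category)
    return hits, dict(per_process)


def suspicious_processes(log_text: str, min_categories: int = 2):
    """Processes touching at least two distinct categories, e.g. IP lookup followed by geolocation:
    that pairing is the beaconing pattern the infostealer signatures above describe."""
    _, per_process = flag_lookups(log_text)
    return sorted(k for k, cats in per_process.items() if len(cats) >= min_categories)


if __name__ == "__main__":
    for hit in flag_lookups(SAMPLE_LOG)[0]:
        print("watchlist contact:", hit)
    print("suspicious:", suspicious_processes(SAMPLE_LOG))
```

A single IP-lookup request from an unknown process is weak on its own (installers and update agents do it too); raising the alert on the combination of categories within one process keeps the rule useful on a busy proxy log, and the per-process category set gives the responder the pivot they need straight away.
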
MITRE ATT&CK Enterprise v15

Tasks