General

  • Target

    5b45d82c1bdeb0b5b91c84cd61c0359f95440e2a02ccc46258e76d4f4f679030exe_JC.exe

  • Size

    309KB

  • Sample

    230804-s1hcpaca66

  • MD5

    7676d190a2a572a61972464293c7ba38

  • SHA1

    9b5b992e855d4139d7b074149a68b05b04eca27c

  • SHA256

    5b45d82c1bdeb0b5b91c84cd61c0359f95440e2a02ccc46258e76d4f4f679030

  • SHA512

    4321be10b5da54380f5abd2f21e81f6d481f7cf0b09f55c92b24eecc6272ca59fbe47fedca806417efed37169c94ff80eb72fa3454a568f268fc81fa5ed6fd16

  • SSDEEP

    6144:J1jCUYVklKf/STDbILwh4seUp3Op3kfgZzjXLOEDfvMs/clN:J1jH1lKf/STAUh1j+pS2fXiEDvXG

Malware Config

Targets

    • Target

      5b45d82c1bdeb0b5b91c84cd61c0359f95440e2a02ccc46258e76d4f4f679030exe_JC.exe

    • Size

      309KB

    • MD5

      7676d190a2a572a61972464293c7ba38

    • SHA1

      9b5b992e855d4139d7b074149a68b05b04eca27c

    • SHA256

      5b45d82c1bdeb0b5b91c84cd61c0359f95440e2a02ccc46258e76d4f4f679030

    • SHA512

      4321be10b5da54380f5abd2f21e81f6d481f7cf0b09f55c92b24eecc6272ca59fbe47fedca806417efed37169c94ff80eb72fa3454a568f268fc81fa5ed6fd16

    • SSDEEP

      6144:J1jCUYVklKf/STDbILwh4seUp3Op3kfgZzjXLOEDfvMs/clN:J1jH1lKf/STAUh1j+pS2fXiEDvXG

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Downloads MZ/PE file

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks