stormkitty | 54977b912c095aad3344503a6ac190ff9371bb22bb9d71e28aceec66dda8b777 | Triage

Submit
Reports

Overview

overview

Static

static

Hazard-Nuker.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Hazard-Nuker.rar
Size

63KB
Sample

230808-wkdlcagc9w
MD5

3e4cba834e5816dd53214b87db33db08
SHA1

6aec8b656a1c042347267735c79c87bd28d6fb32
SHA256

54977b912c095aad3344503a6ac190ff9371bb22bb9d71e28aceec66dda8b777
SHA512

7cf5e616beb6df3814c796120a4c8a5e7b62ddb5ce92f46a1234cf1bf96e4f00ed282ace518cee01dfa8f67db0faa492c06ef47224f872db551f3aa63dbfc800
SSDEEP

1536:yUwHAygP4H0roH5NMHHj5MGUqLroVHJuWGo:kOBk/MeGep

Score

10^/10

stormkitty persistence stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

Hazard-Nuker.exe

Resource

win10v2004-20230703-en

stormkitty persistence stealer

windows10-2004-x64

8 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Hazard-Nuker.exe
- Size
  
  261KB
- MD5
  
  2fc3e8ef37c14a67847253cb9438bbef
- SHA1
  
  b38fba1194eaa65f59746d635751f107b9c763ae
- SHA256
  
  ac9376d351bfde2935460c184dd71e7a4123cdb88c057da27f72386a477d19fe
- SHA512
  
  b756682435a8316ebbcd4d65e0b064514c6f6332fee363f600d23650ca06c7647f530d2edcf0e82f1994a6b4b986f12d8a0495f2263cd6f94dd19e3074f92639
- SSDEEP
  
  3072:fiO7Hla/f/gue2f9bw5hZkOeE0jkaL6r:fdHla/fouek9AKki6
Score

10^/10

stormkitty persistence stealer
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittypersistencestealer

© 2018-2025

Terms | Privacy