stormkitty | 9eeb89f878f19ba639abd2af83c5feaf8efb5d9087cc88f66a94fccfd2ba7199[.]zip

General

Target

9eeb89f878f19ba639abd2af83c5feaf8efb5d9087cc88f66a94fccfd2ba7199.zip
Size

162KB
MD5

e236fb4dd5e8169f793c5899c771d886
SHA1

8cb04afe57f9a4c876efe11c1bfeef9fc0e1b650
SHA256

0c23ed4d531355ec3052dd4553aac11795ffc59c96fe71eacb0bf38a898d50fc
SHA512

20d8e2f9ddf0130b26d7eb45e6a6a68de008e18f04ca8cd3500e3b89d6680ef2c14c8b08d13fd156267fe5e94d0662aa3142815e521e72c03e439ce5d0266c69
SSDEEP

3072:hVjmxqiKa9qkUWf8jr5JdGH6U+/tdPEY4tXLkiP01TosyYLggPBspLUEFLek8u:hNIqW1UU8jr5JdzU8MJVkiQ8mBaAu

Score

10^/10

stormkitty

StormKitty payload 1 IoCs

resource	yara_rule
static1/unpack001/9eeb89f878f19ba639abd2af83c5feaf8efb5d9087cc88f66a94fccfd2ba7199.exe	family_stormkitty

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9eeb89f878f19ba639abd2af83c5feaf8efb5d9087cc88f66a94fccfd2ba7199.exe

9eeb89f878f19ba639abd2af83c5feaf8efb5d9087cc88f66a94fccfd2ba7199.zip
.zip

Password: infected
9eeb89f878f19ba639abd2af83c5feaf8efb5d9087cc88f66a94fccfd2ba7199.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 579KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ