stormkitty | 2db46ad5e0370f7f9762fd2ed5ca32e2bfcb7d78c56df7240cd4ff05889dd4d0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

35b5b0cc10...23.exe

windows7-x64

35b5b0cc10...23.exe

windows10-2004-x64

1

Sharing

General

Target

35b5b0cc100e0ba95f366d6a3b427823.exe
Size

490KB
Sample

240102-tbzq4sbhc7
MD5

35b5b0cc100e0ba95f366d6a3b427823
SHA1

2845a8d906a0c93281c560de1e2e3d5a8ae2a546
SHA256

2db46ad5e0370f7f9762fd2ed5ca32e2bfcb7d78c56df7240cd4ff05889dd4d0
SHA512

29252fdfd992ec5d0d351d43bed65872f0a5637a1854fbe796aa37f9dfbba4e11d0ba2be8418c56a79a846100e96418c7ee7d8bc8ee1b489a5a8bd0ca073841d
SSDEEP

12288:CTPh8TlBsPJ78hCWS0ok+jhXWuz/qMvp5h93Yure:zl870

Score

10^/10

stormkitty spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

35b5b0cc100e0ba95f366d6a3b427823.exe

Resource

win7-20231129-en

stormkitty spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

35b5b0cc100e0ba95f366d6a3b427823.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  35b5b0cc100e0ba95f366d6a3b427823.exe
- Size
  
  490KB
- MD5
  
  35b5b0cc100e0ba95f366d6a3b427823
- SHA1
  
  2845a8d906a0c93281c560de1e2e3d5a8ae2a546
- SHA256
  
  2db46ad5e0370f7f9762fd2ed5ca32e2bfcb7d78c56df7240cd4ff05889dd4d0
- SHA512
  
  29252fdfd992ec5d0d351d43bed65872f0a5637a1854fbe796aa37f9dfbba4e11d0ba2be8418c56a79a846100e96418c7ee7d8bc8ee1b489a5a8bd0ca073841d
- SSDEEP
  
  12288:CTPh8TlBsPJ78hCWS0ok+jhXWuz/qMvp5h93Yure:zl870
Score

10^/10

stormkitty spyware stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittyspywarestealer

behavioral2

© 2018-2025

Terms | Privacy