General

  • Target

    beef5daf51dadc2acdbccc37a73ccfec

  • Size

    3.6MB

  • Sample

    240310-snf9vsfb59

  • MD5

    beef5daf51dadc2acdbccc37a73ccfec

  • SHA1

    1a49019a42f0a195828bf2a5e7b41013709cc8c9

  • SHA256

    91eab57eaf00089ffd21329eb93e072c8eb7ed79e37c807f6db2859548c8b5d8

  • SHA512

    f6021d968f28a2dbf25e58c0bd9b474662de542b9cdf9dc3454bc97ee30e23aa2bd754c455e6fc973f7cf4ead9ca5c9f186e0cb3f9f6dec1e2f9aa3b31f64580

  • SSDEEP

    98304:qbkDpLr5n9Ov7NCnsAAS7QG0owscxF7ZLN:q2pA7NksAASUqwsOLN

Malware Config

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks