Resubmissions

01-05-2024 17:35

240501-v55d5acc7v 10

01-05-2024 17:33

240501-v428daee29 7

General

  • Target

    awdsf.zip

  • Size

    60.9MB

  • Sample

    240501-v55d5acc7v

  • MD5

    cab1090c4b0e97f1e9e3d7dbf10158be

  • SHA1

    33f3418c33006e9b6038f05953e656d60d768b32

  • SHA256

    2b224af944e6b1547cfd36326928c94b940c93f945b4e71b4bb8622fe776efcf

  • SHA512

    c14e9f13baf678a8d81cb442e055905fcb4c16fc6edc05355591a63d4170f5bbdfccdc72d853d67bcc907e7a4fb42ca2727903ab574af557c5aa0cfd9399ab2b

  • SSDEEP

    1572864:Lz600ZZ6AExUcfpW1BozPeCwiyk42uQXTSLmtSsX9+PmmG:n90ZQBfg1Boz2Cww51X8mcnm1

Malware Config

Targets

    • Target

      awdsf.zip

    • Size

      60.9MB

    • MD5

      cab1090c4b0e97f1e9e3d7dbf10158be

    • SHA1

      33f3418c33006e9b6038f05953e656d60d768b32

    • SHA256

      2b224af944e6b1547cfd36326928c94b940c93f945b4e71b4bb8622fe776efcf

    • SHA512

      c14e9f13baf678a8d81cb442e055905fcb4c16fc6edc05355591a63d4170f5bbdfccdc72d853d67bcc907e7a4fb42ca2727903ab574af557c5aa0cfd9399ab2b

    • SSDEEP

      1572864:Lz600ZZ6AExUcfpW1BozPeCwiyk42uQXTSLmtSsX9+PmmG:n90ZQBfg1Boz2Cww51X8mcnm1

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile information.

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified variant of it.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Btc Flasher v2.0.rar

    • Size

      57.0MB

    • MD5

      504380d2ec12f175226e8c52d2541ae1

    • SHA1

      aebc3d91838ba8d49c22dccf346388308fc2f026

    • SHA256

      90dce4e29976d703abf53d3acab885d856a3aa6ad52857b3e889b38a6a1cd6b1

    • SHA512

      6e95d9ec25b54863f0b80a8906bcba82744afa63954c0ec1adfd165df0f19f3fbeba7bf5226d0331cb4ada9755acf04a4696f671007cd264e028e6fb1b2f52af

    • SSDEEP

      1572864:svYwUtV2yo9QEdRkJL+NfnXYiqUCIyg/5kpojGefLo88:anUtkjdOJL+NfXYu75/uoiu8

    • Score

      3/10

    • Target

      winrar-x64-700cz.exe

    • Size

      4.0MB

    • MD5

      a6e1d7d6844fc310d25f69da31440127

    • SHA1

      5d669dbc200dfe547beb81f360684ee71f7b60d7

    • SHA256

      48f2f7e71647dce154df9de6223a2ea603fc7f487771bfe0c6d45d440fae5030

    • SHA512

      300e821842eee00bc18dd6dfc79ffe8775da3bfa732b448f669761b9778cf79786de6d61282dc98ad0ee2d7004cc36de6ba3af94e4d01793deda2a2bf997e39b

    • SSDEEP

      98304:TWapOBfKFm2aMyd1jnJ9giQgYVUfjzPtzU:6aXtn41rTBQgtfjztzU

    • Score

      1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access

      2  T1552      Unsecured Credentials
      2  T1552.001  Credentials In Files

  • Discovery

      3  T1012      Query Registry
      3  T1082      System Information Discovery

  • Collection

      2  T1005      Data from Local System
      1  T1114      Email Collection

Tasks