General

  • Target: readme.exe
  • Size: 403KB
  • Sample: 240504-ypx7nahd6z
  • MD5: d53ca259be1e3b1e146faee90ba24cbb
  • SHA1: b8f41722f14ff16235b2d77831b91717ef318239
  • SHA256: 8d578d80eeb351ad5f7c64e454292275ed012954b47ce95841ff09129a8c5a07
  • SHA512: 1bf4c1a5be1f8a24795604800b676ff9dcabef88c038b91adab5912fbcefd1b9e6ab3a5f969aa8f3f6d349f27eac49b19ad59b3110d5745186158c316f294f1c
  • SSDEEP: 1536:KmmKki2RIhZHbTGo9+2WMMo61FxUhdRp4Z9:Kmmxi2RUZ7TGo93WMxLp4Z

Score: 10/10

Malware Config

Targets

    • StormKitty
      StormKitty is an open-source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                      Count  ID
Execution             Scheduled Task/Job             1      T1053
Persistence           Scheduled Task/Job             1      T1053
Privilege Escalation  Scheduled Task/Job             1      T1053
Defense Evasion       Subvert Trust Controls         1      T1553
Defense Evasion       Install Root Certificate       1      T1553.004
Defense Evasion       Modify Registry                1      T1112
Discovery             Query Registry                 2      T1012
Discovery             System Information Discovery   2      T1082
