General

  • Target

    3d22b8ae19ff1a0ff76edfed0a30c480_NEAS

  • Size

    303KB

  • Sample

    240507-awkyxadc83

  • MD5

    3d22b8ae19ff1a0ff76edfed0a30c480

  • SHA1

    8444020a6422e68ba4c6218f83ac8fc2b85d1f50

  • SHA256

    d0d8cabf89f4fcb086977a8d2b269db8ba7999b7a833ec41ac772b67e474fc77

  • SHA512

    c173a7e6c6bb246647ad1c37447938806e02d62e32275a5a3ee7c320e83d80ce6ce86ac7c429e784c1e0b91854f7010694becdb398d917f311e393016747843a

  • SSDEEP

    6144:OrvdnkY1wQfFoHrnPztUerMjrD9UzkPscQB22iF:OrlnfCLPuBjrDbTyq

Malware Config

Targets

    • Target

      3d22b8ae19ff1a0ff76edfed0a30c480_NEAS

    • Detect Xworm Payload

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access

    Unsecured Credentials, T1552 (1)

    Credentials In Files, T1552.001 (1)

  • Collection

    Data from Local System, T1005 (1)

Tasks