General

  • Target

    Hybris Cheats 2.0.exe

  • Size

    2.1MB

  • Sample

    240705-ck2tdssdmg

  • MD5

    33fc13060dae9898c49e68d3b6c0bbb9

  • SHA1

    b6aee8c18fd958c4510613cd917958cd50bfae16

  • SHA256

    c694da935086f4ca6eab6310aa7f1c3e3a598c29d30c32efcf4a40083f1fb0cd

  • SHA512

    28cfc565ffbba47c2b10f40df4f6dce1c5cc09f8d7ec231d22ded4f2a0797d313abd3afda77677a49d688158d247dae0f1764f8378abfe9e1e8fa3dacd4e9ab9

  • SSDEEP

    49152:H4/o7K1lja8Gdq7ZMHbLjSR9SBl5c9Tc+MGlDKVXhWd9/2Ahe:Y/zXjaL4ZMHbLjQElAcfMDzhe

Malware Config

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive user data.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                      ID          Count
  Persistence            Event Triggered Execution      T1546       1
                         Netsh Helper DLL               T1546.007   1
  Privilege Escalation   Event Triggered Execution      T1546       1
                         Netsh Helper DLL               T1546.007   1
  Credential Access      Unsecured Credentials          T1552       1
                         Credentials In Files           T1552.001   1
  Discovery              Query Registry                 T1012       1
                         System Information Discovery   T1082       1
  Collection             Data from Local System         T1005       1
  Command and Control    Web Service                    T1102       1
