stormkitty | 86074b8645dfee9075aff87ce515385b90b12cb01d61704d66b006ea677438c0 | Triage

Submit
Reports

Overview

overview

Static

static

3

283aeb8dfa...18.exe

windows7-x64

283aeb8dfa...18.exe

windows10-2004-x64

Sharing

General

Target

283aeb8dfa6c77eea35b2b9bac39f670_JaffaCakes118
Size

1.3MB
Sample

240706-mkhqmawdnj
MD5

283aeb8dfa6c77eea35b2b9bac39f670
SHA1

97874c5720875e87e72fe2814fa71c3ebc685c1b
SHA256

86074b8645dfee9075aff87ce515385b90b12cb01d61704d66b006ea677438c0
SHA512

3d1e110a0927d38ffdca0591693feab169979fddd3276e04bd3da7eda8b3d7770221345684941acd5f70831d28bfb8324e94b06be35f9d1db5c454012f4866e8
SSDEEP

24576:Igh05KKSKOyddoHtK6nvTyfwOsAF/ANmzV3lw69m+XpLaPGAzMJD2r:BqkttvTFO/AYm+Zy/MJI

Score

10^/10

stormkitty collection spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

283aeb8dfa6c77eea35b2b9bac39f670_JaffaCakes118.exe

Resource

win7-20240705-en

stormkitty stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

283aeb8dfa6c77eea35b2b9bac39f670_JaffaCakes118.exe

Resource

win10v2004-20240704-en

stormkitty collection spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  283aeb8dfa6c77eea35b2b9bac39f670_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  283aeb8dfa6c77eea35b2b9bac39f670
- SHA1
  
  97874c5720875e87e72fe2814fa71c3ebc685c1b
- SHA256
  
  86074b8645dfee9075aff87ce515385b90b12cb01d61704d66b006ea677438c0
- SHA512
  
  3d1e110a0927d38ffdca0591693feab169979fddd3276e04bd3da7eda8b3d7770221345684941acd5f70831d28bfb8324e94b06be35f9d1db5c454012f4866e8
- SSDEEP
  
  24576:Igh05KKSKOyddoHtK6nvTyfwOsAF/ANmzV3lw69m+XpLaPGAzMJD2r:BqkttvTFO/AYm+Zy/MJI
Score

10^/10

stormkitty stealer collection spyware
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittystealer

behavioral2

stormkittycollectionspywarestealer

© 2018-2025

Terms | Privacy