Overview

overview

10

Static

static

10

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-07-2024 05:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe

  • Size

    320KB

  • MD5

    86108d3bcc19fe774cc81b71494d31f9

  • SHA1

    d936ce0c2f3ddc35f972c3a87fcaeb036412e009

  • SHA256

    9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b

  • SHA512

    151411bf7603856b39169b40cd7b7c68eff1f3f6ccba27d6767384b390e688287c6823aa3f542eeeded92c0e5b584ed429948b99d3c8e22c2b626fdd6bf849f0

  • SSDEEP

    6144:Cm/Q1Q5Ng68j/svmHC40+XIzFUygWK0tWrcBOvl:Cm/Q6P8j/svm1TXI5tZB

Score
10/10
stormkittycollectiondiscoveryspywarestealer

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 4 IoCs
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe
    "C:\Users\Admin\AppData\Local\Temp\9a25faeade01978fd39daedd1b8fea6f4b5957a001a7227141b2ee7d714b421b.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Drops desktop.ini file(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • outlook_office_path
    • outlook_win_path
    PID:4500

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\Browsers\Firefox\Bookmarks.txt
    Filesize

    105B

    MD5

    2e9d094dda5cdc3ce6519f75943a4ff4

    SHA1

    5d989b4ac8b699781681fe75ed9ef98191a5096c

    SHA256

    c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

    SHA512

    d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\FileGrabber\Desktop\ConvertFromMove.jpeg
    Filesize

    453KB

    MD5

    d824c89d902f958f5e793abc5f3761a5

    SHA1

    140f19a084d9280428a18a8d305a0f28ac86edb2

    SHA256

    0896c9d880de34df835ae49d3b195b710a7b85f89c34ca1e3f8c863fb0fb14b4

    SHA512

    20011e57662e5804815e60904bdfc8d3ef712254acd2adf0d71661de4feec2ccf4e87e48b9c4f7b9ac5b3cbbba98e81e220bcd2218fdd8213d57d5c63d820313

    Download Submit

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\FileGrabber\Desktop\CopyInvoke.jpeg
    Filesize

    493KB

    MD5

    ff7ec59cd06848bd223b515924217417

    SHA1

    45242c14162f4cf5129191c0d6e9d0a4ea625223

    SHA256

    e92f09c90bc02bde393edeb27987a9e6f57dd87586831b11969fa778e92e564a

    SHA512

    484df9703148e192140afdd3cb40f1ba0209826ed1962351a7462633d3b7a0521ef5bd6c250531d18fc387f48a98aa91c6aa1852fed2d2c04dceec2906d4af70

    Download Submit

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\FileGrabber\Desktop\GetOpen.ppt
    Filesize

    848KB

    MD5

    21f5efd3d5cb121b50a863b5911777ca

    SHA1

    0dae349f165fc4d79e694884337dce6d31dbc9d1

    SHA256

    d6186cbf85e380bdf131865b4c40a31aaf61f6bb5477478a186835ce97903831

    SHA512

    ef8d62c2ec9f01e75f95f70e00f2378f948707cefc647d053386438a63b03a29e770f59e90b7037125fc0ee8e3a9769dddee4245226372d773145ae6cbe66497

    Download Submit

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\FileGrabber\Documents\ResolveUnblock.html
    Filesize

    247KB

    MD5

    0314e0f44243952ee8ee7999adf6c69a

    SHA1

    0c97594904f9b9c2a94c9d0957d0c49fa37c4d63

    SHA256

    f8971f8bd129205644dda236f433acdc6437248935cab1117b2dffa1ce05112d

    SHA512

    5e314494b81c12925b718d58ee5b1519373f24cd0a109dcbb81aa13b1ee2fc9cafbf2279817bb50811da9efbc2a2dfd6f3ae373775609137f3fd5a9f7b7d863b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\FileGrabber\Documents\SelectConvertTo.txt
    Filesize

    439KB

    MD5

    0add8cdb6ad14ead8ab807440899c858

    SHA1

    cf42e839d873ec58fae9c42b4cb4e3a756232a5b

    SHA256

    2b355a2adb5e0ac41c312fb6c735cf60d452ab4556e0b726611d702a89d863cb

    SHA512

    09d7238026d70edc2dff9b24a36e63becc26464277979d51d101af054f475111c5ed8804251b5170c9e4bf22a69d282064fff4f842598b8852625526b0b1a763

    Download Submit

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\FileGrabber\Documents\TestUpdate.txt
    Filesize

    359KB

    MD5

    cef8077a00718dde5c55b036642c4a26

    SHA1

    0b3e9c256bb77f42f387ac965ab7310a20fe7731

    SHA256

    e835dd0957b7d2c6a8befad61b2c7c4db1b9dfd5aa49eba99fd19bc1995e947b

    SHA512

    38c997a244b7a2d291a34b067b72a7073bc789b7ebb64d346e311eb79295489f02b6a5d7f10017d019986d2d2682a716d3ad7866bb9b598c6bf12f7c7e20e76c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\FileGrabber\Documents\WatchConvert.docx
    Filesize

    695KB

    MD5

    80ba8848917ae054ac65f5a88a9e3400

    SHA1

    3237356a24be22e7e9ba50e98181274314e214eb

    SHA256

    a965abafb7d2c2e1603478e75dcaed92a885e77ce7133479515914a9bb4e4dbc

    SHA512

    d37c310933207208b5d07ad3f4328aa2adcd7f46423e771a38bf71284f2fd76bf633d39cc8a20f01b6d1ab8568f5070149c31e045eaa79cd2977b3b7de70bd8a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\FileGrabber\Downloads\EnterRequest.ini
    Filesize

    663KB

    MD5

    c1a6d0fc0058bf9a9747ad27de16bade

    SHA1

    e6925db25cc2f43b2b66c9262dd84ab624be8f41

    SHA256

    c1eb665fc1691b9a7fbbeabfe74ec79dbc08f2729bc16bab71903610128f2677

    SHA512

    5b8974cf267ef8bb5f878a59a847c78739539b8fd83685948dc7ad5f6b5b6fd222221b2f1c454cf9ab564fd7d3e367ff38a62d7a2d87b747f9e8a2ba40fbd621

    Download Submit

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\FileGrabber\Downloads\LockRegister.docx
    Filesize

    1.0MB

    MD5

    a7b12047b19ac4709e81a067b375e8b9

    SHA1

    7fdcbaef47d69280db73125b4334ac7b6c51760c

    SHA256

    760df112a3b3c6687ff73657c77eb6c95a4e6c51060a4d8a008362063d370ea0

    SHA512

    89c1642373c76f4e1104a574e0aaa7797fc94645b5c528614625ddff42d0c07ffddfba013795498d3a9f1e05c48b4faf9437a68d4927553f3b6a1889b3262a07

    Download Submit

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\FileGrabber\Pictures\ExportAssert.jpeg
    Filesize

    243KB

    MD5

    48af4a19c2d89b80dfef21dbd4ea1b91

    SHA1

    364981e3bf71f484fdaf68e39243223d3c137d08

    SHA256

    214ab024649cd5b11bde3cae7ef2356a0f261d13645fe0d5ab4ecf3c34395c8a

    SHA512

    c98b7d2afdca8ec0a909505e66e0e02c5aaa1ec5788d92918eec383407b33d044ca0b16d49ebedb744fe28683ebc1141ea3e40a33943f13dce75f8560fa139cd

    Download Submit

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\FileGrabber\Pictures\InstallPublish.bmp
    Filesize

    499KB

    MD5

    527a9df30e9d1a6d0b68f59c669d1f10

    SHA1

    2872ab33c08eb6a41761a879199b8698b0526063

    SHA256

    50452ffac02f9d80a6ee58f5e03586f8cb14c4ffc4083910cf82d3504aacb8df

    SHA512

    371cb91c971f1ba7c7e1fea486246c844274de990d67d79d2bd167a9332e7bdec82de1f682c233eeb5b8bd2fe6abf576e55f3201d15a97ac00de0a2626c3a4ed

    Download Submit

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\FileGrabber\Pictures\RenameConvert.png
    Filesize

    684KB

    MD5

    da8ded1465a1873f5333100f74905f15

    SHA1

    01a800145aa8d12554414bb618dcd3f54b1919ec

    SHA256

    70db105350de0c5464c545eca76059ee53bae9f4073bc1b9a8dc4657e669eb91

    SHA512

    2a9ecdb058d27774e5d420b00715e3020a41fa371bf3ffe962cd68b7706b5667e79470308d00d5331bd064be52c2fa412293f87ea2fd407079f06c679dfd9069

    Download Submit

  • C:\Users\Admin\AppData\Roaming\KGOEYKGQ\Process.txt
    Filesize

    4KB

    MD5

    cf7a1376bd7e38ffcac63227dec45b00

    SHA1

    2af6b55561264efb894e45481797b02dc69bd480

    SHA256

    dc4ba730d335f620f8300eddfd006b6750f5ee6074c19de0d9a86b41c43f945d

    SHA512

    f932b7c010b24481b32a7bc1b6f7d738accfb06aba94260fdd3b9276ddff086975fb4b5bd7027c4e573acf32bf32a888490cea87d60e82801aa7c4dca8e410ea

    Download Submit

  • memory/4500-29-0x0000000006B80000-0x0000000006C12000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4500-0-0x0000000074A7E000-0x0000000074A7F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4500-1-0x0000000000FA0000-0x0000000000FF6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4500-2-0x0000000074A70000-0x0000000075220000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4500-34-0x00000000071D0000-0x0000000007774000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4500-36-0x00000000070D0000-0x0000000007136000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4500-245-0x0000000074A7E000-0x0000000074A7F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4500-246-0x0000000074A70000-0x0000000075220000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4500-274-0x0000000074A70000-0x0000000075220000-memory.dmp

    Filesize

    7.7MB

    Download