stormkitty | 4a91135e56bc3b6e549264e282777e09a503f3981c9e96de7bd0ab5b3c92d3ec | Triage

Sharing

General

Target

Vape-Lite-main.zip
Size

34.1MB
Sample

240717-ya7sjsvhjl
MD5

0c3556865f0c963472662daaa962e5df
SHA1

d8e86f2ebc98e2aea44d12be1c89202b8f15f426
SHA256

4a91135e56bc3b6e549264e282777e09a503f3981c9e96de7bd0ab5b3c92d3ec
SHA512

ddb75e36b589220be53ff89cdd484f639090b4f504512c1f1dbd6b0e0f219b01ad78b98cdb150cb769538d8c51320e79152748992484725cd6066f0812b52e22
SSDEEP

786432:o5V7OS7Ew6loBNOxft5pK1Wq/q7jmVq7brfKE9dNgUZAjPXMSyhrAqZ:o5koEw62BcJY/fojKE9dN9ZWM5JAq

Score

10^/10

stormkitty discovery persistence privilege_escalation spyware stealer

Malware Config

Targets

- Target
  
  Vape-Lite-main/Vape lite/Vape Lite/Vape Lite.exe
- Size
  
  1.1MB
- MD5
  
  76b71c959ebea10097b79dbf739952bb
- SHA1
  
  18eed993b7908a8624850231922a0e539bd36520
- SHA256
  
  93afa8b28fd4f3c04d0bcf0056cd16473f7eaed23e1ab483bfd4ad12f3080622
- SHA512
  
  a237c09189588ce218fdf66c45615a93337faeac51984eddd64a7a3f9bf9c0ec4dd9f3fded4d2188296ea82421249459a5df194a3da7616761169a9738b919ff
- SSDEEP
  
  24576:3dlNXaV9x4IUgs36BUI2So5+jnzFoCaGApu8:3r0T+Sk6BU7HIFo7G98
Score

10^/10

stormkitty persistence privilege_escalation spyware stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Vape-Lite-main/Vape lite/dumper/mitm_server.py
- Size
  
  4KB
- MD5
  
  fb2ea3294517bab463df4273e7c6bcd6
- SHA1
  
  1a5eb75bff26c1d8a8cfefa57a8ea7fe366b7546
- SHA256
  
  bc130c050da31bc55f7d6aa1c7a7e0817f289fa0eaf72ffa253cbaa10c45aff7
- SHA512
  
  ef56b9000dca93f34a5badb94299f27cd0cca267decf9c99b60dfe7b60d5df748900da7a422882a80f0a26a552bcb0588298096aa56d80c2026e190da862dfa7
- SSDEEP
  
  96:I5kbEiPPT7JDOKVyqOeyJCA1B5FE9pWbWCGkBRP4:I5niPPT7JDP+eyJt1XFErWs84
Score

3^/10
behavioral2
- Target
  
  Vape-Lite-main/python-3.12.4-amd64.exe
- Size
  
  25.5MB
- MD5
  
  f3df1be26cc7cbd8252ab5632b62d740
- SHA1
  
  3b1f54802b4cb8c02d1eb78fc79f95f91e8e49e4
- SHA256
  
  da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258
- SHA512
  
  2f9a11ffae6d9f1ed76bf816f28812fcba71f87080b0c92e52bfccb46243118c5803a7e25dd78003ca7d66501bfcdce8ff7c691c63c0038b0d409ca3842dcc89
- SSDEEP
  
  786432:zRd0l0X/46+nq1rcVqA5Z2bQcLsv0GlYrJF55e2nRk:L5P46+q1QTILMKB5e2nRk
Score

4^/10

discovery
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittypersistenceprivilege_escalationspywarestealer

behavioral2

behavioral3