Overview

overview

10

Static

static

10

Vynx-Hypix...nx.exe

windows7-x64

10

Vynx-Hypix...nx.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Vynx-Hypixel-Skyblock-Minecraft-.jar-rat-builder-main.zip

  • Size

    1.1MB

  • Sample

    240801-meqt2szfjd

  • MD5

    2a4496aeed2914eae31cce288b11847c

  • SHA1

    160fba1660cfa2f0e2c393bbccbfac7f6b0b9faf

  • SHA256

    b7a9641adf705c3d7eb6bc10827819bc47ac1bbefb3831c0050d633090a46b45

  • SHA512

    da40e33452a6707ba120c3193ec32461db769f6cb90da038867f6649850c202833af668535509d0ef7d6997b43f1c06fa35c9b70ed8fa28aeff5803c16bad370

  • SSDEEP

    24576:5LwEtVmuX794xtKpY8APE4Yv10D17RfC6c5Zy8DGL:5/tIuLSrY3A8ldMdRfR6I8DGL

Score
10/10
stormkittycredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      Vynx-Hypixel-Skyblock-Minecraft-.jar-rat-builder-main/VynxRatBuilderV1/Vynx.exe

    • Size

      1.5MB

    • MD5

      4586542b09bc8e8f7165ad1a1c8ca340

    • SHA1

      c05a77a93d124b81c98b0af5a8b3a22c345cb113

    • SHA256

      b5305d8ffa960b6b7988cc51c35e4af3aa87cd0a03eb68c49eb862142506ca5a

    • SHA512

      62454140b73edec586113620265ef76da6e220c24632c2ec7d53abd41180170ab811f796321578f2260d3b0906c2da3bde63d9580b0a88c6eb1c6bdc6dbf5c13

    • SSDEEP

      24576:47zNXaV9x4IUgs36BUI2So5+jnzFoCaGApu8p:4f0T+Sk6BU7HIFo7G98

    Score
    10/10
    stormkittycredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

1
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

1
T1120

Query Registry

1
T1012

System Information Discovery

1
T1082

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks