stormkitty

Sharing

Copy URL

Twitter E-mail

General

Target

DiscordMulty.rar
Size

3.7MB
Sample

240802-wdl9xatcpq
MD5

981187d8addde5cbf8186db39a5eb885
SHA1

18acf273a86e61b17c6df24ad988182e80541c6a
SHA256

46e1081372a9209e9bb11225ecfdcd3d3824a51a568c03763e2c689c4ef3928f
SHA512

32606af10a762a7bbb2bbd08def5808dc3817abca24eaee8348cab28c14afd1413339a9ec2adbea75cd242de3d3ae49e3e2cb02ceb782d745013614dbd1ef3ce
SSDEEP

49152:Er8nNFEfeAMLxtndQpcR0EyB4afsHnckkTeql5c4rdFLacfgiL0WaLKYmpldw7:/kOVtgcROFU8k0N59rdMVvWKxSdw7

Score

10^/10

Malware Config

Targets

- Target
  
  DiscordMulty.rar
- Size
  
  3.7MB
- MD5
  
  981187d8addde5cbf8186db39a5eb885
- SHA1
  
  18acf273a86e61b17c6df24ad988182e80541c6a
- SHA256
  
  46e1081372a9209e9bb11225ecfdcd3d3824a51a568c03763e2c689c4ef3928f
- SHA512
  
  32606af10a762a7bbb2bbd08def5808dc3817abca24eaee8348cab28c14afd1413339a9ec2adbea75cd242de3d3ae49e3e2cb02ceb782d745013614dbd1ef3ce
- SSDEEP
  
  49152:Er8nNFEfeAMLxtndQpcR0EyB4afsHnckkTeql5c4rdFLacfgiL0WaLKYmpldw7:/kOVtgcROFU8k0N59rdMVvWKxSdw7
Score

3^/10
behavioral1 behavioral2
- Target
  
  DiscordMulty/Colorful.Console.dll
- Size
  
  88KB
- MD5
  
  513887befab1824441ab836a1de051e1
- SHA1
  
  737acdf101b06d4f7528a17a361120898dcbd98d
- SHA256
  
  6de7e078e24afa66b699c6eaf93988ff44dda8bd062fc11351978ddc5b601899
- SHA512
  
  35b63292badf4d79375f32c60ae2993b5f3315203cf790bceba0df69bb222a83b5cb1ff55cea30c48345a59b04c17d037580dd7bcd8c5075334f8bdedf640454
- SSDEEP
  
  1536:3J1J4aE966w/2DtgNpWFbCagAHM9KTC/bu:3C796R/ObCagAs9KTgS
Score

1^/10
behavioral3 behavioral4
- Target
  
  DiscordMulty/DRouter.exe
- Size
  
  1.9MB
- MD5
  
  4d978f4a830f374b5867f1ae53b08ffc
- SHA1
  
  827b301d630a037a6559acc3b63612fded885767
- SHA256
  
  a881c67a5ad97fed46616a1c219a4c70fffcbe3ec1f0c900747e2ba75131b143
- SHA512
  
  f9339c421b5a8ee85358d0a4384ef3d203cb68572152f02c9610c4c371091d5c5caed5fde3a3c379ef3feaa2c86cc123e09596fb8862816ea60ae2d78d6a6091
- SSDEEP
  
  3072:gq6+ouCpk2mpcWJ0r+QNTBfqcm2GvaDE:gldk1cWQRNTBS
Score

10^/10

stormkitty discovery stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  DiscordMulty/DRouter.exe.config
- Size
  
  979B
- MD5
  
  33942ff38680119f98d6efb60426f16c
- SHA1
  
  9a63b71687f0c071178688bedbae18ddbae0dbc6
- SHA256
  
  30332794b815169dd8db2fa07e6543ea370d1eb3c8ddac6d831e6ce0c3ebba2f
- SHA512
  
  095da5ffca44a3d91292bcb7b48d9c83fc3cef47e5ae4bafc5b32ff9c01c327479fd9e000f9b73a86db06929539b8e2afcfe0be025bd71da26822387c0061b77
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  DiscordMulty/lib/Anarchy.dll
- Size
  
  529KB
- MD5
  
  8725518ff670fda909532c65e9824844
- SHA1
  
  92cfacf2ff7d0a746064584d920ab4069bc8d2b2
- SHA256
  
  560bbd5b4fd7fca4991ed0bf251883d6d9d1023f59cc1ce364923737b96afcf1
- SHA512
  
  7244bfa09f8fff4f9a73306b1bb13c1751fb973cd163c0848c8fea116bea59f1da7575a5251a4a39b91699c5cac3b2cafd27982c8c3447a6e1587d355068b776
- SSDEEP
  
  6144:P2Tx1CON752DK3NSJXbCxl+Ij9+V+YviOaAgahp5gRNXT/NUdAMVYrTkTVrPV4:23+LdB+zOpd2Nb2IkQ
Score

1^/10
behavioral10 behavioral9
- Target
  
  DiscordMulty/lib/DRouter.pdb
- Size
  
  107KB
- MD5
  
  199c2217e5f82cf6ea8139a81d461d96
- SHA1
  
  b814128ae2a7e3eaaf0e3375068c94f542f74bc8
- SHA256
  
  a3c237199d7010828e4f546ee80d008eb1780d1c4dd9dfb72ca34b4ef49ba6d9
- SHA512
  
  b0c8e4b32faff3ac2693dfa8e3c9b3d2ac95f2aceb5646946a60502e874e7d1d14e0efd4b48ca158560f7a1777ba8256e9e4decbb6d56b61e49e39b2a9890179
- SSDEEP
  
  768:B2lflqI82mZO2b9gSt8zAWDesq1m9kFnSeqBpidGtnHp9ADgKRsg8I82mZO2t9qn:T9KzX9kFnSeqbHiSgu9qmg
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  DiscordMulty/lib/DSharpPlus.CommandsNext.dll
- Size
  
  75KB
- MD5
  
  430949bd7700acf32219c4fa4e40557e
- SHA1
  
  f7cfa7f941fc00d204623f7396362f90c6eda262
- SHA256
  
  c86b413716da6dd0a50348a2bd0166b686e6e61361fe16e8396ff92490e592d5
- SHA512
  
  18ae9b1813b44ccf7644cf21cf4ff157e5e999354f9fc5716ba28300751babff610e5bfccdd1e1deeef0fcb62370bd1bce64e6969b644a3a7200fa870d3c853b
- SSDEEP
  
  1536:Exeas5/d0n9HhCuY13Yx3Fllya7d4lQy2J0r4cJYY:EY5/sK13YxTlBd4libcJYY
Score

1^/10
behavioral13 behavioral14
- Target
  
  DiscordMulty/lib/DSharpPlus.CommandsNext.xml
- Size
  
  62KB
- MD5
  
  4c50f3b79cfd2db77b17da4180c834f0
- SHA1
  
  3d53f7ec434da0eebf73b2ffe77768948207255f
- SHA256
  
  b11d46d5a06d21fee69e0f51ba6b5ae7fbf7478ae12ea5fb1cca9a7ebc6453f8
- SHA512
  
  fc6842bc4671a1e87eb0fc87cbfb434b180c45273c9473a5dc88d8f20b61fba10f4cff53a940e046d94f3089eff5f3358a9a56c0ddf6871fce67887f61c215ca
- SSDEEP
  
  768:/GpReTgtyIrM7TEYUfhUeOhQ+eOrDVZJstymHa+nzM8amujTD6j0jErghW+rBo/J:oGTD6oI
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  DiscordMulty/lib/DSharpPlus.Interactivity.dll
- Size
  
  45KB
- MD5
  
  c71a72037e9e3864409cf7c11a8e0dae
- SHA1
  
  11db0dc975f2e2f7c3c2340efeb690206efd6524
- SHA256
  
  b145b8baa88c1858e32be81ac439cc6852baff784a520345623abaf70f310e7c
- SHA512
  
  fd59ff5036c51493152c4700ed49c98c6633614b4b3aa91c44b9be3dafc6ec1eafd133b535b262245d5bc464b7482088a5d4c312389f5c3aa9df018287f15b44
- SSDEEP
  
  768:gCLDM0WU1QLLbN+B4dJRxBN/SkYA9x1T2CPiSBUxczMsZv1JzLS1SZu0:rD/ELbgQDS3GTZO+
Score

1^/10
behavioral17 behavioral18
- Target
  
  DiscordMulty/lib/DSharpPlus.Interactivity.xml
- Size
  
  149B
- MD5
  
  3dd73e93919b7c4061db454e7ca11ace
- SHA1
  
  2127297471f62d994a11485995dd11b21031d63d
- SHA256
  
  67ffa4def024e8fa53039eee075808e60b34a813774565b5de805c099e96be66
- SHA512
  
  adb31f0542aa31230d02e92f07016d6a42377b422efc605b4689959a4ead0ff273395beaec17bf354131b99a4a3bd30b82166f102f81a9753db833b09faf2082
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  DiscordMulty/lib/DSharpPlus.dll
- Size
  
  583KB
- MD5
  
  6af3eac8e21dca74885ef66a63645b5c
- SHA1
  
  c869c5a45e5e28740727321d909278ae8d17895f
- SHA256
  
  ff7127e0d535b02a768f9722852327608e9a6509ad0a767f071c876f3ac66be6
- SHA512
  
  d2f150e772519a50cb44bcd356c7d93421aa511cde1cd011957ae1fdd33fbd1085a91837eec696f3c08bb2886605ffc43b143904d1ca8162ce1d49d1841e3678
- SSDEEP
  
  6144:K075oJI9epDhnRplRdUwPbe9RDpDDDAgDDk5uXvnA3QNV2q:K07B9e51fPqpDDDAgDD7cQ3r
Score

1^/10
behavioral21 behavioral22
- Target
  
  DiscordMulty/lib/DSharpPlus.xml
- Size
  
  316KB
- MD5
  
  60dd93d4d04688cc23627476434fd534
- SHA1
  
  527409e37ad9a6e56055d1f247e39e19f4f4a602
- SHA256
  
  26eb61caf4541917f7e11652e2dad52d9e23d4c658565f349157ee87a3f0da46
- SHA512
  
  c2b8ca3afbd791b582ba952ffc2c3b9524b4f09f5192c28d4566adecb64d8c0a721afefb8ae9120243f7dd3bc9444e4ccbe7cef1bce1b1f2ca3575598fd92a30
- SSDEEP
  
  3072:8A4+R+43jF4ivnMHpGzjZ0iNv5rbbSaGYGCnF3N5HjwbBeoCE0Jy3M2H9p14WBo8:8AIFeU
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  DiscordMulty/lib/Discord.REQ.dll
- Size
  
  73KB
- MD5
  
  954db55a18c2e6e01b45668a84418346
- SHA1
  
  d61f6d6139d14290ef6fac35496fcf474887c653
- SHA256
  
  61cc7051cd1585a15fe544662d17b50b846fdc0cd21c4eb569649c87687cd45e
- SHA512
  
  03d6b2f6f6716fdf208145b8a83f04e9bec841d5cbfd8239084296870819e3edac7b8cae25d7d1345bfac18ec4de182871e1f5410a0e3753d5478a5285077f42
- SSDEEP
  
  1536:o4qITAvwWjVxjwYUIUXvir8nh5YKalYGMNpdcZp6XwTO5HVP8GRKhiy6:nAvwWjVx8YUIQRyKalYGMNcj6XwTO5Hj
Score

1^/10
behavioral25 behavioral26
- Target
  
  DiscordMulty/lib/Figgle.dll
- Size
  
  473KB
- MD5
  
  7c89d3e9baf0648fb767a70e0eacc35c
- SHA1
  
  6558308ec9d4be79b001c03030401c0e3c9701bc
- SHA256
  
  ba6a8965961f80013100f0aa804565edfec035b141cc4484a60b658a1b858dd9
- SHA512
  
  00b62dea3d4b4dd60ef307121acf1357e418b3de69b85b8ccb0f74dbb28c357a8dd410020ef325dba5c8bab8c2eac41234686a8e4fdee24063734f3f860ee7d2
- SSDEEP
  
  12288:dwnZ6NqfPaM8r3dFxDxXrxgRX7Jb5oc3Z:SnWqfPaTBDJxgnbJ3Z
Score

1^/10
behavioral27 behavioral28
- Target
  
  DiscordMulty/lib/Leaf.xNet.dll
- Size
  
  129KB
- MD5
  
  ea87f37e78fb9af4bf805f6e958f68f4
- SHA1
  
  89662fed195d7b9d65ab7ba8605a3cd953f2b06a
- SHA256
  
  de9aea105f31f3541cbc5c460b0160d0689a2872d80748ca1456e6e223f0a4aa
- SHA512
  
  c56bd03142258c6dcb712d1352d2548a055fbb726ee200949d847cb2d23d9c52442b1435be0df0bf355701a2c1a3c47cd05b96972501f457d2d401501d33d83a
- SSDEEP
  
  3072:gE3OJDHIfFLlL3pPiqhcLS/oZhttaMBM2cid:gHWZxJiqO
Score

1^/10
behavioral29 behavioral30
- Target
  
  DiscordMulty/lib/Microsoft.Bcl.AsyncInterfaces.dll
- Size
  
  20KB
- MD5
  
  1ee251645b8a54a116d6d06c83a2bd85
- SHA1
  
  5dbf1534ffbff016cc45559eb5eff3dc4252a522
- SHA256
  
  075ce79e84041137c78885b3738c1b5a03547d0ae2a79916e844196a9d0ec1db
- SHA512
  
  9f67fd0566eac2da4253d08697daab427e4e85780615d940f086a88424dcbb0563abae7e4824088e64ef7024c1bb3bbf324f2d07bc7ba55f79e4af3c9ea88e97
- SSDEEP
  
  384:69P2wZOXm7YJVHTe+0VJI0vrdaVemxO/f7vWeq/WIdHRN7bg30uw7lGsV9W+:u2zmYrHCV9cIL6TbtCSW
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

StormKitty payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32