stormkitty | d633cf3249a08f878a33ef419131e8affd85600923170109317906cefeb1e62f | Triage

Submit
Reports

Overview

overview

Static

static

Discord-Ra...er.exe

windows11-21h2-x64

Sharing

General

Target

Discord-Raid-Tool-Box-main.zip
Size

34KB
Sample

240804-z8vfjswgkj
MD5

122b408957627df7b1592b0bd391c82e
SHA1

cd6dddcd14662acc98bb702f6488ee1ccc7c1879
SHA256

d633cf3249a08f878a33ef419131e8affd85600923170109317906cefeb1e62f
SHA512

a65e29079b0ecae9ed89b2d01c11c05a5e53d7feadeff8442ea78b7159ffe108614ab4d80f3da485a8a5aa254f2215badfe69004dec59cdcfe4ce1777ab4f10a
SSDEEP

768:G6p4oc5XfYhNG7Jp6xjXBetoNd2Oyp6ZUeASJCL16J8ihDi2dO6sMj:GATsXfbp6NXBba6ZUe9JCh6Jh4sOnMj

Score

10^/10

stormkitty discovery persistence stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

Discord-Raid-Tool-Box-main/PussyKiller.exe

Resource

win11-20240802-en

stormkitty discovery persistence stealer

windows11-21h2-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Discord-Raid-Tool-Box-main/PussyKiller.exe
- Size
  
  74KB
- MD5
  
  7acd7ca811c678a92d62d556cae858dc
- SHA1
  
  b05d0fd47d2d905234db53614f725e3744c93b3e
- SHA256
  
  736f8b467d09e4805d336c56b49ec183355dc433e04b93904d2e8d5876d5b9de
- SHA512
  
  24fe70950fc092d9de383f5c80c70bdc4bd5e342b927e2fb495752e0036c3d2eb0547f60467ef5019a686fffd2f8057105d13dd566172f9438ffe4434748166b
- SSDEEP
  
  1536:rNtW7bvrmSbUMiuidaw6v3ZfXR6/A8Id0FWGV09auvIUxjFxtbm:rzTyXRKA8Iwg9auvIUhFxty
Score

10^/10

stormkitty discovery persistence stealer
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittydiscoverypersistencestealer

© 2018-2024

Terms | Privacy