General

  • Target

    HDXD.bat

  • Size

    459KB

  • Sample

    240806-bsz44ayfnc

  • MD5

    67c599f4ef16bb980d3ae40f2157ba29

  • SHA1

    7e13072cacb4b77cb0d2afa222f6ce9005817fa3

  • SHA256

    7ad43ccea385b16870b9e2e10d2d25e06149c11e034f9c32ad9e8f538f0c7e6d

  • SHA512

    fd62651f81686d0548b3ec838da05b050cab0ab4f73d27f8c23cba2ae24f7d66b36ca82e130542a5fb0ce981095047565c4d8bd1d54e957ad058432ef7ab8335

  • SSDEEP

    3072:G6QtAhoJ6Qn7NzvFuJJnoxEzr60Rj2rsrnmpVYtL9pr6T/Ikwu:G6QmhS6Qn7NRyJEErb2rsriube/ITu

Malware Config

Targets

    • Target

      HDXD.bat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store (saved logins).

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden (the -WindowStyle Hidden switch, or an abbreviation of it), so the user sees no console.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
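
The two behaviours above (a hidden-window PowerShell launch and an external IP / geolocation lookup) are the ones a detection engineer would most want to catch on an endpoint. The following is an added example, not code from the sandbox report or from the StormKitty project: it runs simple detection logic over constructed Sysmon-style events (EventID 1 process creation, EventID 22 DNS query). The field names, the list of lookup domains and the sample events are assumptions made for illustration; only the batch file name comes from the report.

```python
"""Detect hidden-window PowerShell and external IP / geolocation lookups.

Added example for the behaviours listed in the report; the event format
(Sysmon-style dicts) and the lookup-domain list are assumptions.
"""
import re

# Public services commonly abused by stealers to learn the victim's IP and
# geolocation. Assumed list; extend with whatever your telemetry shows.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com",
    "checkip.amazonaws.com", "ipapi.co", "api.myip.com", "ifconfig.me",
    "freegeoip.app",
}

POWERSHELL_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}


def _is_windowstyle_flag(token):
    """powershell.exe accepts any unambiguous prefix of -WindowStyle
    (-w, -win, -window ...), which naive string matches on the full
    name miss; accept every such prefix."""
    t = token.lstrip("-/").lower()
    return t.startswith("w") and "windowstyle".startswith(t)


def is_hidden_powershell(image, cmdline):
    """True when a PowerShell host is launched with its window hidden."""
    exe = image.rsplit("\\", 1)[-1].lower()
    if exe not in POWERSHELL_HOSTS:
        return False
    # Tokenise on whitespace but keep double-quoted arguments whole.
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)
    for i, tok in enumerate(tokens[:-1]):
        nxt = tokens[i + 1].strip('"').lower()
        if _is_windowstyle_flag(tok) and nxt.startswith("hid"):
            return True
    return False


def is_ip_lookup_domain(name):
    """True for a known IP / geolocation lookup host or any subdomain of one."""
    n = name.lower().rstrip(".")
    return any(n == d or n.endswith("." + d) for d in IP_LOOKUP_DOMAINS)


def scan(events):
    """Return a finding per matching event, in event order."""
    findings = []
    for ev in events:
        if ev["EventID"] == 1 and is_hidden_powershell(ev["Image"], ev["CommandLine"]):
            findings.append({"rule": "hidden_powershell", "evidence": ev["CommandLine"]})
        elif ev["EventID"] == 22 and is_ip_lookup_domain(ev["QueryName"]):
            findings.append({"rule": "external_ip_or_geo_lookup", "evidence": ev["QueryName"]})
    return findings


# Constructed sample events (not captured from the sandbox run).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd /c "C:\Users\victim\Downloads\HDXD.bat"'},
    {"EventID": 1, "Image": PS,
     "CommandLine": r"powershell -NoP -W Hidden -Ep Bypass -File C:\Users\victim\AppData\Local\Temp\stage.ps1"},
    {"EventID": 1, "Image": PS,
     "CommandLine": "powershell -NoProfile -Command Get-Date"},   # benign: window not hidden
    {"EventID": 22, "Image": PS, "QueryName": "www.google.com"},  # benign
    {"EventID": 22, "Image": PS, "QueryName": "api.ipify.org"},
    {"EventID": 22, "Image": PS, "QueryName": "ip-api.com"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f['rule']}: {f['evidence']}")
```

The abbreviation check matters in practice: a rule keyed on the literal string `-WindowStyle Hidden` is trivially evaded by `-w hidden`, which the PowerShell host accepts just as readily.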

MITRE ATT&CK Enterprise v15

Tasks