Overview

overview

10

Static

static

10

7acd7ca811...dc.exe

windows7-x64

10

7acd7ca811...dc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7acd7ca811c678a92d62d556cae858dc.bin

  • Size

    74KB

  • Sample

    240806-d37m2asdme

  • MD5

    7acd7ca811c678a92d62d556cae858dc

  • SHA1

    b05d0fd47d2d905234db53614f725e3744c93b3e

  • SHA256

    736f8b467d09e4805d336c56b49ec183355dc433e04b93904d2e8d5876d5b9de

  • SHA512

    24fe70950fc092d9de383f5c80c70bdc4bd5e342b927e2fb495752e0036c3d2eb0547f60467ef5019a686fffd2f8057105d13dd566172f9438ffe4434748166b

  • SSDEEP

    1536:rNtW7bvrmSbUMiuidaw6v3ZfXR6/A8Id0FWGV09auvIUxjFxtbm:rzTyXRKA8Iwg9auvIUhFxty

Score
10/10
stormkittypersistencestealer

Malware Config

Targets

    • Target

      7acd7ca811c678a92d62d556cae858dc.bin

    • Size

      74KB

    • MD5

      7acd7ca811c678a92d62d556cae858dc

    • SHA1

      b05d0fd47d2d905234db53614f725e3744c93b3e

    • SHA256

      736f8b467d09e4805d336c56b49ec183355dc433e04b93904d2e8d5876d5b9de

    • SHA512

      24fe70950fc092d9de383f5c80c70bdc4bd5e342b927e2fb495752e0036c3d2eb0547f60467ef5019a686fffd2f8057105d13dd566172f9438ffe4434748166b

    • SSDEEP

      1536:rNtW7bvrmSbUMiuidaw6v3ZfXR6/A8Id0FWGV09auvIUxjFxtbm:rzTyXRKA8Iwg9auvIUhFxty

    Score
    10/10
    stormkittypersistencestealer

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks