General

  • Target

    1 (3).bat

  • Size

    5.0MB

  • Sample

    240807-vrnjfs1dkp

  • MD5

    c8a15e928d8716c074a207383132fdee

  • SHA1

    722aab3f5a84f86206b3dafc8d646356f1a9fa8f

  • SHA256

    43b71ff866714a9281c6443c83b2d9b8adb3ba10c36a7edceed9ceb2ea03ae9c

  • SHA512

    570b31953a996a4f09eb19094463e06aad7768d352b26eaf93d0218e725fecd9b1847f7eb3b5316d476c750258995121a0e3f30937615579431ae91addea9f53

  • SSDEEP

    24576:uJmEVc1z91hmGDRSxkI7ZkgSd8cNuT4YBymha85MqsmThzY0HKh+3tHnZo1tLRll:uOxmqRUbR57NHHy1mtxaV

Malware Config

Targets

    • StormKitty

      StormKitty is an open-source info stealer written in C#.

    • StormKitty payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks