General
- Target: shellbag anylizer.exe
- Size: 303KB
- Sample: 240808-npy4vashnp
- MD5: 88e30898471b07ab0ac563e4bdf99764
- SHA1: 8b07516da87dc75c9860954af5f6a3a0e7e95ac3
- SHA256: c98c7bdc88503df4eb5ef21506fc42d028f949807b959b3ff67f21964a2c0b85
- SHA512: b06fe916f11b09b5f98469282e99f783d380481a1bb0230be32d7853675b90f3b9110c8688532d168a80a53d4d380c4c711677b05578a10476d238db812ce591
- SSDEEP: 1536:T2JYEMehJ9E1QomvlGTqGXfFHfrXEvIzVAXuiRp6EE8bMlnEfwGzod8MddBK1Ohc:avhJ9E1l0cjbpxiBYe1oUJ2hsOFlD
Static task: static1
Behavioral task: behavioral1
- Sample: shellbag anylizer.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: shellbag anylizer.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
Score: 10/10
Signatures:
- StormKitty payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)