General

  • Target

    -.exe

  • Size

    310KB

  • Sample

    240809-lhg6mssgrh

  • MD5

    4c7c52e95b8c9c16cb9e79e477147ea9

  • SHA1

    05c27eb4f35f04a463d6d7a24bc01b932086a472

  • SHA256

    b139b5f0a9d2144720c249bd412b68cada81c96b03a6ecf6a64a9f5f1bca7395

  • SHA512

    9ef5449a778419b636adcce125ca89dbf5fd08b03ab260653da474ab4ddd1b547fb3df457c6c1abb14214aa41b4331ec2a648b5e702b598a0f3c2e711bbed951

  • SSDEEP

    6144:jeDD/pKSXx9AtjU6azN6dBVZXPTWziYkbylTXqVlN:jePhhzAtVazNKBvfOSOqX

Score
10/10

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
