General

  • Target

    4127c9695c9aa08cf6e36097b5666c0305768372a07d4e607b7c4eee01bafe52

  • Size

    1.4MB

  • Sample

    240811-wznd4a1fqk

  • MD5

    1a84efb5eddb4512bdc7c5b140c18c2f

  • SHA1

    af26fc2e98a165001b44fd1dae892ed064067966

  • SHA256

    4127c9695c9aa08cf6e36097b5666c0305768372a07d4e607b7c4eee01bafe52

  • SHA512

    fe36b07006169578644fd4870b801cbdb6714065c6302c371792977eb916d3ec8b85c7982686a84a744b17f1bef2d2a90d74ba439e686e49ab6ca4340f6a15e2

  • SSDEEP

    24576:1/i5WzE1ChTAwoBMNwx4DSSpuTbFwFJ5oOFAoag1HX:VJswoBMstlbFwF5DaQ

Malware Config

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks