General

  • Target

    beddbb481807de962d2c9cb030d405f5_JaffaCakes118

  • Size

    368KB

  • Sample

    240824-sl6rqswdja

  • MD5

    beddbb481807de962d2c9cb030d405f5

  • SHA1

    f864aea216bc513edb1a88660aa111b5a9176d8f

  • SHA256

    52fae1ba28593ce0478042ee499f02333c1b671971c619bf7528a50ac051625a

  • SHA512

    8590086ea1e8951b6262d04f5e54a54fe846b996109fd9a8c02a0c4d5369d939d23f008434f2162739fc913b0c3c3a5061957822ce42a77ce2298a42bbd9927e

  • SSDEEP

    6144:7jUs3SXfURPGwaP3aDJ0jmvv3F45jL2/EgAGrMRA+83PB7WP+nZyLPo7uo:7pRPGJaDnFwH2/Eg5ruT8/tWPNg/

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
