General
-
Target
1a0a33df99b129a04317cda6f9ee8450N.exe
-
Size
87KB
-
Sample
240825-1am49axeql
-
MD5
1a0a33df99b129a04317cda6f9ee8450
-
SHA1
6c24864e71f40523418cb273dd2f647686f524f8
-
SHA256
b32401f4a1ac0bf0a8c81dc6e7ac5a11c2125d2055f2224cafba44df740684fe
-
SHA512
5473aab64e531ffe53352b8c17fc4dda775f79b3fe900624918a60153727a6111a01b9d10a270149b17f4a3b9399c75fd5c4c85f2f82b956710e879cd3115187
-
SSDEEP
1536:MexIYG53x/8XNYK5rJx93o8lg/x/G9apbbp3gITPTFO:MeaYG53x/8Xpx9gZ+spbbp3gIrxO
Behavioral task
behavioral1
Sample
1a0a33df99b129a04317cda6f9ee8450N.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
1a0a33df99b129a04317cda6f9ee8450N.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
1a0a33df99b129a04317cda6f9ee8450N.exe
-
StormKitty payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)