stormkitty | 6ef09a9d766a9ca209da5fc075de5c3e7152c3f49e88bb2db61e061f0bd2184d | Triage

Submit
Reports

Overview

overview

Static

static

7

cdcc0ad244...18.exe

windows7-x64

cdcc0ad244...18.exe

windows10-2004-x64

Sharing

General

Target

cdcc0ad2446684e736fa5813caee0a57_JaffaCakes118
Size

3.4MB
Sample

240831-3e9j6a1hja
MD5

cdcc0ad2446684e736fa5813caee0a57
SHA1

21aad2f791e2c12deed221484ff00ed8a0edb799
SHA256

6ef09a9d766a9ca209da5fc075de5c3e7152c3f49e88bb2db61e061f0bd2184d
SHA512

6d17654a61116fab4b0b1128699dbbf2751d63e78615f822452a9a1ebe62889df401ed1ba795a04535446c86d4b122036f346e8744e6ac15d6e9c8a1240ec6c2
SSDEEP

98304:lnbDOSv7J7SvNZZToTcMBailCO3QBKGFqL9z/2MSbB:xOKF7SJToAMU8uBK2qL9ZSF

Score

10^/10

stormkitty collection discovery evasion stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

cdcc0ad2446684e736fa5813caee0a57_JaffaCakes118.exe

Resource

win7-20240704-en

stormkitty discovery evasion stealer themida trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

cdcc0ad2446684e736fa5813caee0a57_JaffaCakes118.exe

Resource

win10v2004-20240802-en

stormkitty collection discovery evasion stealer themida trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  cdcc0ad2446684e736fa5813caee0a57_JaffaCakes118
- Size
  
  3.4MB
- MD5
  
  cdcc0ad2446684e736fa5813caee0a57
- SHA1
  
  21aad2f791e2c12deed221484ff00ed8a0edb799
- SHA256
  
  6ef09a9d766a9ca209da5fc075de5c3e7152c3f49e88bb2db61e061f0bd2184d
- SHA512
  
  6d17654a61116fab4b0b1128699dbbf2751d63e78615f822452a9a1ebe62889df401ed1ba795a04535446c86d4b122036f346e8744e6ac15d6e9c8a1240ec6c2
- SSDEEP
  
  98304:lnbDOSv7J7SvNZZToTcMBailCO3QBKGFqL9z/2MSbB:xOKF7SJToAMU8uBK2qL9ZSF
Score

10^/10

stormkitty discovery evasion stealer themida trojan collection
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses Microsoft Outlook profiles
  collection
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittydiscoveryevasionstealerthemidatrojan

behavioral2

stormkittycollectiondiscoveryevasionstealerthemidatrojan

© 2018-2024

Terms | Privacy