thunderkittystealer | b27b31d0ace71e743e05e7fc14d66fe0884c5dc4f9312d91b9346c05fd0a9ee7 | Triage

Sharing

General

Target

ThunderKitty-Built.sfx.exe
Size

3.9MB
Sample

240908-yrhjzsvhqf
MD5

02b1176cf08691be00f90181f6627324
SHA1

630161e9332a8ab8e4d8e96091f0d1427faa44c6
SHA256

b27b31d0ace71e743e05e7fc14d66fe0884c5dc4f9312d91b9346c05fd0a9ee7
SHA512

4c4ee6c1c044b964d807676ed30608cbba5c4f92218ca12e4a03d16b8b67948728ce995e398cfc913cfc21063945af5c902b64f6f244763a7b08cd1e268bad7a
SSDEEP

98304:0qwCxfzSG0PsDj1WG3zx7aDo8DZOyo1TGO:0qwCpWGsKj1x3zxeh9IX

Score

10^/10

thunderkittystealer stealer

Malware Config

Extracted

Family

thunderkittystealer

C2

https://api.telegram.org/bot7152695840:AAGDjisoA8pdr2R0G01XrqjqSwITZtC9buY/sendMessage?chat_id=6426393261

Targets

- Target
  
  ThunderKitty-Built.sfx.exe
- Size
  
  3.9MB
- MD5
  
  02b1176cf08691be00f90181f6627324
- SHA1
  
  630161e9332a8ab8e4d8e96091f0d1427faa44c6
- SHA256
  
  b27b31d0ace71e743e05e7fc14d66fe0884c5dc4f9312d91b9346c05fd0a9ee7
- SHA512
  
  4c4ee6c1c044b964d807676ed30608cbba5c4f92218ca12e4a03d16b8b67948728ce995e398cfc913cfc21063945af5c902b64f6f244763a7b08cd1e268bad7a
- SSDEEP
  
  98304:0qwCxfzSG0PsDj1WG3zx7aDo8DZOyo1TGO:0qwCpWGsKj1x3zxeh9IX
Score

10^/10

thunderkittystealer stealer
- ThunderKitty Stealer
  ThunderKitty Stealer is an open-source stealer written in Golang.
  stealer thunderkittystealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

thunderkittystealerstealer

behavioral2