stormkitty | 25d0c4ef21f49c4794220886919feebccbe942bffc1c36b8430b9b005693ce42 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

de7711ff0d...18.exe

windows7-x64

de7711ff0d...18.exe

windows10-2004-x64

Sharing

General

Target

de7711ff0df1b36bd31f32f15843905b_JaffaCakes118
Size

842KB
Sample

240913-tfayjswhqc
MD5

de7711ff0df1b36bd31f32f15843905b
SHA1

abd7c78b184f42525f0d7b53ba829e8f81bd2134
SHA256

25d0c4ef21f49c4794220886919feebccbe942bffc1c36b8430b9b005693ce42
SHA512

fa154ea9e1bad8e71434dc4ccef5182fd5eb93880e7fb10ca95da8399edcfcccc52d47cb78c17a0514bf15ca667865030519cf7c3be85b0494e6f9b83bc95428
SSDEEP

12288:JuC9eHN8vWHXsYIugb+94LlvTyFLPkZqVQV3309b+Z2x2G4Q4UFfHak3sD8H7:QCQH2TYqtBTfZqVQBY2Gv4UFfHH328b

Score

10^/10

stormkitty collection credential_access discovery persistence privilege_escalation stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

de7711ff0df1b36bd31f32f15843905b_JaffaCakes118.exe

Resource

win7-20240903-en

stormkitty collection credential_access discovery persistence privilege_escalation stealer

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

de7711ff0df1b36bd31f32f15843905b_JaffaCakes118.exe

Resource

win10v2004-20240802-en

stormkitty collection credential_access discovery persistence privilege_escalation stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  de7711ff0df1b36bd31f32f15843905b_JaffaCakes118
- Size
  
  842KB
- MD5
  
  de7711ff0df1b36bd31f32f15843905b
- SHA1
  
  abd7c78b184f42525f0d7b53ba829e8f81bd2134
- SHA256
  
  25d0c4ef21f49c4794220886919feebccbe942bffc1c36b8430b9b005693ce42
- SHA512
  
  fa154ea9e1bad8e71434dc4ccef5182fd5eb93880e7fb10ca95da8399edcfcccc52d47cb78c17a0514bf15ca667865030519cf7c3be85b0494e6f9b83bc95428
- SSDEEP
  
  12288:JuC9eHN8vWHXsYIugb+94LlvTyFLPkZqVQV3309b+Z2x2G4Q4UFfHak3sD8H7:QCQH2TYqtBTfZqVQBY2Gv4UFfHH328b
Score

10^/10

stormkitty collection credential_access discovery persistence privilege_escalation stealer
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Process Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittycollectioncredential_accessdiscoverypersistenceprivilege_escalationstealer

behavioral2

stormkittycollectioncredential_accessdiscoverypersistenceprivilege_escalationstealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.