stormkitty | 1[.]exe | Triage

Sharing

General

Target

1.exe
Size

320KB
MD5

db2bbb44f30afac31f911fe16b9db58c
SHA1

e4f9728b0f771e61813132dfd10b245b2f0dc94c
SHA256

8d41693aaa810b87d9523a64abac0a0c21db7b9542fbf7fda917a99e4464f89f
SHA512

acc12ca3f600e9105762114fa9224bccf4cdb1cfe02e364e3fdfbfe57aafcaa37b82af1e1929b47d9bf1db60cd7c239fbbfb4fea8fb2945b70d51edca8490f85
SSDEEP

6144:/3/Q1Q5Ng68j/svuP8wSFUygWK0tWrcBOvn:/3/Q6P8j/svugtZB

Score

10^/10

stormkitty

Malware Config

Signatures

StormKitty payload 1 IoCs

Processes:

resource yara_rule

sample family_stormkitty
Stormkitty family
stormkitty
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

1.exe

Files

1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ