General

  • Target

    1.exe

  • Size

    320KB

  • Sample

    240924-veg6xaxdrh

  • MD5

    db2bbb44f30afac31f911fe16b9db58c

  • SHA1

    e4f9728b0f771e61813132dfd10b245b2f0dc94c

  • SHA256

    8d41693aaa810b87d9523a64abac0a0c21db7b9542fbf7fda917a99e4464f89f

  • SHA512

    acc12ca3f600e9105762114fa9224bccf4cdb1cfe02e364e3fdfbfe57aafcaa37b82af1e1929b47d9bf1db60cd7c239fbbfb4fea8fb2945b70d51edca8490f85

  • SSDEEP

    6144:/3/Q1Q5Ng68j/svuP8wSFUygWK0tWrcBOvn:/3/Q6P8j/svugtZB

Malware Config

Targets

    • Target

      1.exe

    • Size

      320KB

    • MD5

      db2bbb44f30afac31f911fe16b9db58c

    • SHA1

      e4f9728b0f771e61813132dfd10b245b2f0dc94c

    • SHA256

      8d41693aaa810b87d9523a64abac0a0c21db7b9542fbf7fda917a99e4464f89f

    • SHA512

      acc12ca3f600e9105762114fa9224bccf4cdb1cfe02e364e3fdfbfe57aafcaa37b82af1e1929b47d9bf1db60cd7c239fbbfb4fea8fb2945b70d51edca8490f85

    • SSDEEP

      6144:/3/Q1Q5Ng68j/svuP8wSFUygWK0tWrcBOvn:/3/Q6P8j/svugtZB

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks