Overview

overview

10

Static

static

10

1.exe

windows7-x64

10

1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-09-2024 16:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1.exe

  • Size

    320KB

  • MD5

    db2bbb44f30afac31f911fe16b9db58c

  • SHA1

    e4f9728b0f771e61813132dfd10b245b2f0dc94c

  • SHA256

    8d41693aaa810b87d9523a64abac0a0c21db7b9542fbf7fda917a99e4464f89f

  • SHA512

    acc12ca3f600e9105762114fa9224bccf4cdb1cfe02e364e3fdfbfe57aafcaa37b82af1e1929b47d9bf1db60cd7c239fbbfb4fea8fb2945b70d51edca8490f85

  • SSDEEP

    6144:/3/Q1Q5Ng68j/svuP8wSFUygWK0tWrcBOvn:/3/Q6P8j/svugtZB

Score
10/10
stormkittycollectiondiscoveryspywarestealer

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 4 IoCs
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1.exe
    "C:\Users\Admin\AppData\Local\Temp\1.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • outlook_office_path
    • outlook_win_path
    PID:1004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\Browsers\Firefox\Bookmarks.txt
    Filesize

    105B

    MD5

    2e9d094dda5cdc3ce6519f75943a4ff4

    SHA1

    5d989b4ac8b699781681fe75ed9ef98191a5096c

    SHA256

    c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

    SHA512

    d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Desktop\SyncInvoke.svg
    Filesize

    504KB

    MD5

    c76d98c997f8ac028ce1f2a8a2661f80

    SHA1

    72da5783149dde5fc740a8cb39f1858ab7b1ddd7

    SHA256

    3f20d70bd8becf30f4ae493b9df8bd5ce3929095e2d7e8eeaf6cfa9b3f50b5e7

    SHA512

    e729d93541334ded83abc5cb364745d6c5477fbc7db3b7cd57ba57a19e79d084a280d3a6f37e21fdeb6e961dab825449e014352190f5185048893f47ff952220

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Desktop\UndoUnblock.php
    Filesize

    606KB

    MD5

    3ab2f0ffc853ad33b9c5bc1a80ca01b7

    SHA1

    c4636fe9442636b730315e37ab11a093f4db19f5

    SHA256

    3c97505a9fa330a9aa66b081e34da41c2200822d595e2aa591acfb9fc5118a1a

    SHA512

    5723dc46b43af33248e03c778e2733e8efdfb54174958f6943cd5707b43b887f808dbbb514dc75aed7eed1d2282ce7fe01302d688c850d52b572665dce910d46

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Desktop\UnregisterOut.css
    Filesize

    577KB

    MD5

    9ff54fa0528c2e9779b1edf35247017e

    SHA1

    d23796dbabc16cf121f4d384b007c7e1b04e91c1

    SHA256

    adc7d974e6b3d8da03b72674b0a1488710264dc4f28819553b931e1ed948fe1f

    SHA512

    a986e10fd5478fee5ba419af955510847c1e79dfb2ceb921823bd10c64366ce02dd61dd428105592b1d380f8356f0699eba42af43c4f1af8bf30ba447cce59b9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Documents\EditTrace.doc
    Filesize

    527KB

    MD5

    cef9cac1ebdf68a15ff2ddf193842da5

    SHA1

    fe1a8f3b4043005c1138ebd79552b212792c23d8

    SHA256

    cc3ae3c461a6161bc38d781feb5f8ea50475a3f4e2a9a867d1bba08b1d98c599

    SHA512

    289e6958316bac73eb0e73a13d881d6ff467fb958652b6931c09a645ed6dd2f52419fa8e16b485489d9ce686e4468cd547477713d1f09f7a1d41b915e52ae2db

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Documents\EnterSelect.pptx
    Filesize

    418KB

    MD5

    1979eed1e07cc7e1f3eb5ce365680ade

    SHA1

    4322c1b52209396062aebbc5acf0914680815236

    SHA256

    9a124941e6e96418226078bfc9d9e1368374f0059b1f1d33b9f459c95f4af586

    SHA512

    0b01bb3c28f9c3e943439291591645a30a1cd588e55fc3eb9b301e1c0431415f05de02d1014f1803f704429eb6aabca4dcd0b5206e7052a667693cf50144952b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Documents\ExpandStop.docx
    Filesize

    546KB

    MD5

    ebae275241529b7cbed62116113e8aa9

    SHA1

    be634d57ac3b449ceb27e171610cc29672cb1021

    SHA256

    8e782e0bedfc47193177afdd1658f231a51a09b5a62706e3576e738b0c39583e

    SHA512

    6588992581a80675e7e6b9c5a102d9749b32a892f8b386ab8008bd3c1277f1c4216fb6adb16b78a6456c585f49e619b690cc90fb7c9f065da85a1609c0050944

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Downloads\EnableFind.jpeg
    Filesize

    350KB

    MD5

    a86d67549ce54b7855a6371168d5403b

    SHA1

    10ec342aa9ac34e42d5fa72ca13f78b0458cb80b

    SHA256

    695d70edffbaeae171a7030fbfcdec114c726afae917e1ba9a1ff40e9ed49691

    SHA512

    90983292089b027bfa3f8746e7a2446405952063cc984fa5df7b4fd51e92a6323760dde3b211ff23d7b28010d270e37a05953d681c492fed3d1950356c285806

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Downloads\GetGrant.xlsx
    Filesize

    271KB

    MD5

    86a38c0428bb37258b784e01ae6b9337

    SHA1

    5cc6ca1346ea1c99b5fc1acbe055640d935ba2eb

    SHA256

    e3d4e4c3854b54cf10ddfa8a873f972565203196803b282b799e30dce67635c5

    SHA512

    8909d30a3d64bcec2490ae751e89c23ba2dbb9d2fcd86a88a997d6d3530dd322ab7d80cf63baed5a1021859fd79eb2209e72c5f860d935f22996b90dcfd019a1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Downloads\ImportNew.png
    Filesize

    637KB

    MD5

    5f44c147f715d7fe8e7eac14229a9c13

    SHA1

    5d60548baaab7486094d005465c7524524649ea3

    SHA256

    a79a7f36305d1abe7b78312df70b6f3882803df25d932f09b5b0b6729d79c321

    SHA512

    dd2f959b545b76383d115d034589e5d93978691557d68d7b7360709167d1b5df8fe63c1ddda0668f2ae18f12d99e1c1e3aa954a3881f3fa11840f3bd7783e762

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Pictures\AddStart.jpeg
    Filesize

    119KB

    MD5

    de201805473ea3fc9623f650dc5bef64

    SHA1

    4e1f79a828dafd3eb186752bbefed741a3184850

    SHA256

    5b789fce2310467bf881f02bc3a0400c38adb0170e5d3803b14ec7a9031accfe

    SHA512

    0cdd0a0b208b16c9b6de93f9e0ee243a19e8451bff4b4d5e42cb7b0e8bd237f05040b9c02558b1d4e734284efc1c825138501524c148f8ffdadc3e27d035fd9f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Pictures\ConfirmInvoke.jpeg
    Filesize

    127KB

    MD5

    565ea464c747c9f0158ae19ee73fdee7

    SHA1

    5ccfb1a90bbb98a1d38ec4727c38a57da469d532

    SHA256

    36f95f330908e2c69c8f8b741ed6554f2f2c82c322775391063249bce71e78b1

    SHA512

    0520b91a321f50a1ea523b932aa6fcad129e3e6fcc9a47e5c375f25c0d5e3ba30459cfe5e23d1654156c521ba0e020a2e0cd10bba0745c25dce5db0ec0abd097

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Pictures\DismountBlock.png
    Filesize

    140KB

    MD5

    d567d0f0a9922f7b6d9bc9df6dcfcca8

    SHA1

    8fd2fa23549a83e48c3194de618131881bfb0338

    SHA256

    066bfa5cbe380b2acf4047a23558c9dd1073d7c20ee001c26d47a6cf78f96f96

    SHA512

    214663d96921872f343a3f2b987c6525dfd114eeb4d694d4690faf63ab73e186759ca83f44d21e1af15238b9dfe02e8d4429ebb20f33d0ed9049ec177ad365fd

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Pictures\EnableWait.svg
    Filesize

    106KB

    MD5

    de555edaef861c95ddb217a36d353c98

    SHA1

    371759ce1b86684221cbce984bfaba56741debb2

    SHA256

    1ea564b9575967b625c0f0337faee3d545c1232a31350dff8e3e60f0bd2ecd7c

    SHA512

    51a0b1ea045b5eda3e8b591f10e13bca7f0cabafc333285df62230c683792acb0ad4e3e57622f5408b7070f8fcf655a9e42eaa11cd0d71bb064235112abe6d8d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Pictures\GroupUninstall.jpg
    Filesize

    114KB

    MD5

    d354ef150d31e22ac4d391f98d021203

    SHA1

    6dd9a4303e09b541795bc6b6a0d33091996c0ad4

    SHA256

    a207ebab01062ced90818811e221b760fd4530092cad799d4f8d060f24317413

    SHA512

    f6d50a35d520aff62d3c06a1b2f76676b4e7b8dde9fad6c997d4f85f264027820d6e133170b17b821a7f46b1e0e6a7865bb36550ce5618dfc1aa62af18be5e40

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Pictures\LimitCompress.png
    Filesize

    135KB

    MD5

    a0b4c1870133a45e52aafe6c6e75a3a6

    SHA1

    e5f153502642036969625cc42845b1580c2468df

    SHA256

    75758c5924ec02ff3a343a39357cd91ae88b7617918281e388250d6b05ad75ba

    SHA512

    8cbb4323710011862d81da5e1493eb0c9087331a88771a4e58c7fe7fe8fad957e79f71f6f188a0c9c9d931584113fdf6b3bfe271b150c5e5c10fcccb0ffecac2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Pictures\MergeSave.jpeg
    Filesize

    131KB

    MD5

    ba077461b8a590799f2d2808bac38e1f

    SHA1

    4df025f702377bb019a4f7f7d6ef1bbf1ce66cda

    SHA256

    5271e077b1b540d5eae304b6135e8033756f2222866f33a1684ba336e4a5e63e

    SHA512

    e02ca044e402b675382cb623e13e08f61dc5dd420a0a2030ca2251b6d41c87b7081f096f5abbde33e510840950ffbb72d66feea84f17f33f9b1dced473981b55

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Pictures\ProtectSkip.svg
    Filesize

    198KB

    MD5

    af04a91dd0040dd6ed696aa9c6758120

    SHA1

    d05f220d6f21b098571fd6c5a1af496d85c43b00

    SHA256

    3aaffc7503c3a6df70662769ae4551aa82280c87bc82d61ce7533fff1423929e

    SHA512

    246b8b2f432032bd722630599739ec9914824f64d08b7816efe62198c4278b11b03c2fe557506a952cd734abd71f450223a6edb626dd2117d36f62f7f06999aa

    Download Submit

  • C:\Users\Admin\AppData\Roaming\ERHQJVYQ\FileGrabber\Pictures\RemoveUnpublish.bmp
    Filesize

    148KB

    MD5

    4b666b0907816fad3574b7dc3737bc82

    SHA1

    255ab67cc6adc79b2e5db96edfeca367d2f08857

    SHA256

    ba689d789f3bc7446817730bb629d573b2afdc31c1681a6b9327039812d0c345

    SHA512

    d9e93c4d181e04f02eed80125c7910e225d2462d11c0b35b8efca1bf9f646aaef58b86c7303a87f0f3ca5d7abe9d96460739b053aeee5c3d04e3d00b27b02beb

    Download Submit

  • memory/1004-0-0x0000000074D7E000-0x0000000074D7F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1004-1-0x0000000000130000-0x0000000000186000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1004-2-0x0000000074D70000-0x0000000075520000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1004-36-0x0000000005E90000-0x0000000005F22000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1004-42-0x00000000064E0000-0x0000000006A84000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1004-44-0x0000000006370000-0x00000000063D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1004-281-0x0000000074D7E000-0x0000000074D7F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1004-282-0x0000000074D70000-0x0000000075520000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1004-318-0x0000000074D70000-0x0000000075520000-memory.dmp

    Filesize

    7.7MB

    Download