stormkitty | 80e3e1b6447f2f22593ca40b29a153060c2c92bb5e237d2932a275f87dc16146 | Triage

Submit
Reports

Overview

overview

Static

static

sample1.exe

windows7-x64

sample1.exe

windows10-2004-x64

Sharing

General

Target

sample1.exe
Size

45KB
Sample

241020-ve1cgsyfqc
MD5

d4e300eb8ed5bc378b50c2c0fa73dd82
SHA1

de0f866207fa8d5018a82aa75261a65b7d6697bd
SHA256

80e3e1b6447f2f22593ca40b29a153060c2c92bb5e237d2932a275f87dc16146
SHA512

ffaeba3bd79aed5b1f812dcb07efdddf27ec38c788a042f78c57d3caabb363a8c6720df2d0cf9b830b8c73dea2d8350e5e700408c4e831ce3287793aed9b5a8f
SSDEEP

768:+Dl1L0/tSsg+vpZzXOC/5G6hKCJmt02XtRkbyh2M3qQYHzYOahWlte:wzL01rrzXOCRthKCJa0wkby0LYOawHe

Score

10^/10

stormkitty xworm discovery pyinstaller rat spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

sample1.exe

Resource

win7-20240903-en

stormkitty xworm discovery rat spyware stealer trojan

windows7-x64

11 signatures

1800 seconds

Behavioral task

behavioral2

Sample

sample1.exe

Resource

win10v2004-20241007-en

stormkitty xworm discovery pyinstaller rat spyware stealer trojan

windows10-2004-x64

19 signatures

1800 seconds

Malware Config

Extracted

Family

xworm

C2

147.185.221.16:40164

147.185.221.20:40164

Attributes

install_file
System Volume Information Prefetch.exe

Targets

- Target
  
  sample1.exe
- Size
  
  45KB
- MD5
  
  d4e300eb8ed5bc378b50c2c0fa73dd82
- SHA1
  
  de0f866207fa8d5018a82aa75261a65b7d6697bd
- SHA256
  
  80e3e1b6447f2f22593ca40b29a153060c2c92bb5e237d2932a275f87dc16146
- SHA512
  
  ffaeba3bd79aed5b1f812dcb07efdddf27ec38c788a042f78c57d3caabb363a8c6720df2d0cf9b830b8c73dea2d8350e5e700408c4e831ce3287793aed9b5a8f
- SSDEEP
  
  768:+Dl1L0/tSsg+vpZzXOC/5G6hKCJmt02XtRkbyh2M3qQYHzYOahWlte:wzL01rrzXOCRthKCJa0wkby0LYOawHe
Score

10^/10

stormkitty xworm discovery rat spyware stealer trojan pyinstaller
- Detect Xworm Payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittyxwormdiscoveryratspywarestealertrojan

behavioral2

stormkittyxwormdiscoverypyinstallerratspywarestealertrojan

© 2018-2024

Terms | Privacy