stormkitty | 17ff9f594f93a70b84c110c94e0341d2385260642e4f036cf2fda381c66be4ba | Triage

Submit
Reports

Overview

overview

Static

static

@Cybnux_XW...er.rar

windows11-21h2-x64

Resubmissions

24-10-2024 15:28

241024-swc76s1clh 10

24-10-2024 15:25

241024-stz9xs1cjb 10

Sharing

General

Target

@Cybnux_XWorm_v5.6_Cracker.rar
Size

19.7MB
Sample

241024-swc76s1clh
MD5

0b87bf0a97079e39453d580707339f8d
SHA1

e6cc2b04766f9942c90caba2046bfbd936210d2b
SHA256

17ff9f594f93a70b84c110c94e0341d2385260642e4f036cf2fda381c66be4ba
SHA512

514c4ee3c37e4f1d92e8ba980c1d64cfd8b2bcb4b5daecffa527bd43850a9bac737e362244bda78970b3d044bca51ebc9ad95bfc868a9808dd44c965913ca2bb
SSDEEP

393216:rya9e39neJPF6z48TCtSTNzFpatK/GGQLmHbOoe47Q3pOHT3DEu8tlI:ry33USlWANzv85y7Jeh3kbsC

Score

10^/10

stormkitty xworm discovery dropper rat spyware stealer trojan vmprotect

Static task

static1

vmprotect stormkitty

5 signatures

Behavioral task

behavioral1

Sample

@Cybnux_XWorm_v5.6_Cracker.rar

Resource

win11-20241007-en

stormkitty xworm discovery dropper rat spyware stealer trojan vmprotect

windows11-21h2-x64

28 signatures

1800 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

BvnN4Uiu1lHu4rUW

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

xworm

C2

127.0.0.1:7000

Attributes

install_file
USB.exe

Targets

- Target
  
  @Cybnux_XWorm_v5.6_Cracker.rar
- Size
  
  19.7MB
- MD5
  
  0b87bf0a97079e39453d580707339f8d
- SHA1
  
  e6cc2b04766f9942c90caba2046bfbd936210d2b
- SHA256
  
  17ff9f594f93a70b84c110c94e0341d2385260642e4f036cf2fda381c66be4ba
- SHA512
  
  514c4ee3c37e4f1d92e8ba980c1d64cfd8b2bcb4b5daecffa527bd43850a9bac737e362244bda78970b3d044bca51ebc9ad95bfc868a9808dd44c965913ca2bb
- SSDEEP
  
  393216:rya9e39neJPF6z48TCtSTNzFpatK/GGQLmHbOoe47Q3pOHT3DEu8tlI:ry33USlWANzv85y7Jeh3kbsC
Score

10^/10

stormkitty xworm discovery dropper rat spyware stealer trojan vmprotect
- Detect Xworm Payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Download via BitsAdmin
  dropper
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

BITS Jobs

Privilege Escalation

Defense Evasion

BITS Jobs

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

vmprotectstormkitty

behavioral1

stormkittyxwormdiscoverydropperratspywarestealertrojanvmprotect

© 2018-2024

Terms | Privacy