Overview

overview

10

Static

static

10

Find Walle...ck.exe

windows7-x64

10

Find Walle...ck.exe

windows10-1703-x64

10

Find Walle...ck.exe

windows10-2004-x64

10

Find Walle...ck.exe

windows10-ltsc 2021-x64

10

Find Walle...ck.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    1169s
  • max time network
    863s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25-10-2024 06:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Find Wallet v3.2-Crack.exe

  • Size

    3.5MB

  • MD5

    68f929dc1286bf7af65bf056845f9b42

  • SHA1

    1f1d9848811b3c00066f8be86035fda994ceedfd

  • SHA256

    0d20648267d3004ba95b04f9ef01f3f6e40644b46773990807c2741adbdd3d82

  • SHA512

    d2019f58239c44e8a0b2e92c04985943c998e32974b9a322fd3d925c13ec83b733520ddc06c15b2e43ab2587b1fbb4f799b6972f5f9b4069c5d7023cf720249a

  • SSDEEP

    24576:GfP8j/svhs+hp5kH4vysV988IMf4r27GCS040YVqxzvXyKxNt38GT8JDPVv5+2tp:UP8j/MW+ise8IW4rF5ovXy6t7BQj1

Score
10/10
stormkittycollectiondiscoveryspywarestealer

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 4 IoCs
  • Looks up external IP address via web service 7 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Find Wallet v3.2-Crack.exe
    "C:\Users\Admin\AppData\Local\Temp\Find Wallet v3.2-Crack.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\Users\Admin\AppData\Roaming\Client.exe
      "C:\Users\Admin\AppData\Roaming\Client.exe"
      2⤵
      • Executes dropped EXE
      • Accesses Microsoft Outlook profiles
      • Drops desktop.ini file(s)
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • outlook_office_path
      • outlook_win_path
      PID:3028
    • C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe
      "C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Desktop\BlockResolve.pdf
    Filesize

    156KB

    MD5

    af2d5ec9b73edd6d71fb5020cc2e9a8c

    SHA1

    e794de32a34186906296a4691db66dd74a9f946d

    SHA256

    93416c467817f479fbbb410c4f974524ef00df2a08441a7f2a6f37326251ae7b

    SHA512

    1680ae6dd66f2cf79a131d9142ea6e1d04f50213b726e7a7b2302bf4f35013337ced0132e23e9996669ca702427f698479752e59118dcb212c24c682ad2f67e7

    Download Submit

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Desktop\SubmitEnter.doc
    Filesize

    188KB

    MD5

    2ea079d2535a6c522609ce3b41dc857f

    SHA1

    66dedcfd63774a4f5deb4871150efdceff66d5c6

    SHA256

    bfe5f7ed9f9396c8bd2a921696c0bac83129779bc0c9b83343ac8646a92df739

    SHA512

    9d0ce45436b56810786fb9168bcbdb22f7f1845812ce6c92ff069c05470d18454ee49811d053ff8a096fb06d4bdedbc946210acb6e26eac8f2bf2c11f71d5e4f

    Download Submit

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Desktop\SuspendLock.png
    Filesize

    211KB

    MD5

    54b5664bf57e0f2ce94b27bdf0cbb613

    SHA1

    03963ddcff2adef4939a197775e4a1bd104334d6

    SHA256

    c29fba89319f175970051a61a8358905ef6ecf42844e2531581a545efb54defb

    SHA512

    2d109369a5adffda644885849a0778a41e162668f557d95ae66d017ac29dc93779eb5b9383f28bd6eba0235a520e6d90762576097e66b60edc62923837293007

    Download Submit

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Desktop\UnprotectStep.sql
    Filesize

    258KB

    MD5

    45c60fcbee6408d6c2ff6877eff5e697

    SHA1

    be3efad69394acdcddb2b0a7a2f23d4ea7fe5f3a

    SHA256

    228493036083073a704afc9954dfb53fe7c68f55a5e4201879b61c0970c39f13

    SHA512

    82c485e60c6a1c3e8a4a128c35818b65d7fa1963635496b8766c658b7cf7e5516ef387953ad5ef05e1405d2ee46b252319a90fe608cdb9a84a8f27a25d7c03b7

    Download Submit

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Documents\GrantJoin.doc
    Filesize

    476KB

    MD5

    f2c268b9adb354d3853885539e3d5066

    SHA1

    e4802fb8e8c44583e285b96264f4982fd9ff7ef9

    SHA256

    5cb3c046ed78765e6c956cb5614221d8ff676d22889068b7936698b9525cf09d

    SHA512

    3b5136afd3646ce524d08225b2952b9bc123fe129e4dec229f6f602322b97f15d790323c032170e09b6feb35a91f26d0566ec5b4fd6b872e41e317b8e1dd3afa

    Download Submit

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Documents\InvokeReceive.pdf
    Filesize

    448KB

    MD5

    2be429e9420c296dfad9d88a962211e8

    SHA1

    167819730b8bca78921f0f03c44196dd5295abcf

    SHA256

    4851b4ecfbf00b498395e474f9626d2021dbe9101bc8fc19acde2994b49b5030

    SHA512

    c46d75038cc4503edce6ddbcf21d231d9163b8d93f9a6ed10f7d84c28f069e1c23281a06c4362ebd44773d9472cf94f73918ecaf6f645365820648eee895179c

    Download Submit

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Documents\InvokeResolve.ppt
    Filesize

    1.7MB

    MD5

    361509d9d9d9267e3f4a44e4c05ad034

    SHA1

    f2b6a77a40b3e081ab3d863a87fd8e927aba42b0

    SHA256

    be2286a7a9d2d36366258806d5a6c08365b81e375efcecfec069697516d13944

    SHA512

    1f9fabd3825e2922c6d7fce9b829fb86070dfa3aa38e7e6e376aafe27eb49930cdd20a93b0ce03a634b92ec7e5e13cc5bc1efafedd2328a7dca38eb9e84632f1

    Download Submit

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Downloads\CompressRename.ini
    Filesize

    399KB

    MD5

    e342b240c01f4730fa85003891d61f75

    SHA1

    c051fef194226fedfe03ef1347b1ee7f7c071db6

    SHA256

    94a7551c34f258796d6acab581a90956c8da3fb173e3f66a33b07df9c60d16f4

    SHA512

    55f688dde811bb8a36b53409625d8add3a2854b40ca0934cbef32e4758ff2f42f811d146a2708582da76b01504d5bc14e9498a7b55473e76b5073fa182a4552c

    Download Submit

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Downloads\DisableStart.html
    Filesize

    782KB

    MD5

    885b9db99d65d38131c197e2c79d92b7

    SHA1

    648807876c344a48d766d18aeba3a747bb104395

    SHA256

    02160f3a995bf7db39cca96e92e41bfc1aa94a1bc6787c1e13cb804d8ce10fb8

    SHA512

    d6856851f9676e14b5fb51325590c7ab1c8cb90d56ccee098bfe83ecfb067f8b76c97d167a1db55a3c267071572a1a0d949000fb935960091c303f0b6ac6ec1f

    Download Submit

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Downloads\ExpandReset.pdf
    Filesize

    538KB

    MD5

    6aa21ef922161cc307aa0739071f2334

    SHA1

    7e90e4b2864e27446466d5bc71404661273b4bbd

    SHA256

    2e6c6bc95675fa3a382943ca33dd9e9df2d20f5e793bea78bb885aebde0313d8

    SHA512

    13e50bfe173f91188f65b3bc5ab19a8a25dacdfad9ed0c15352c710e4b3fd3e2f2bfcaaeacea8ed9ba55be9472f7a3e6409ef9bbcc2c27694546cec431510fa7

    Download Submit

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Pictures\CheckpointUpdate.jpg
    Filesize

    451KB

    MD5

    ed6e8c8ecd5bf0004d2b30569c1382e4

    SHA1

    a455a46633ffcfeca9062b6b44916db898b3892c

    SHA256

    74d6ef04f7064ceb6b0435670ff261219c741982e97871f6b46def7a0044f380

    SHA512

    a5dc0967ac321a336019eaf65b19ec2571e4e8cf3f534ca104e0f90143c8f598025171201952dd34f716e9f17fbfc7c1dbb8ec862da455324f52721f2a843d04

    Download Submit

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Pictures\FindLimit.jpeg
    Filesize

    308KB

    MD5

    69e69273a29a92acdcfdea5db0fc56e8

    SHA1

    9eb7360960cd6ae589bfd316605325e1acb9dd25

    SHA256

    c0027fef6774a849c6209aed882198d899dce33ba437c20c31f9d00d0d1ad10a

    SHA512

    e3d8ca748d572c601635bd2961caf53af18201d0933df43fbbe9135be27a277d46a3b0f20418f68ed9a6e914a1fad5adf696ea9b8477cf50ab2cd1d9982653c8

    Download Submit

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Pictures\FormatResolve.bmp
    Filesize

    390KB

    MD5

    6400aebb0b6e61da4f84e0fc4a58de38

    SHA1

    f7dc9805e2e442fbd6bf4b6f796ec81c07363ab9

    SHA256

    57a1b8b01d4bbd0a7aa999aa0a5c53f7091deebadde6d15d391a869964f48103

    SHA512

    1813a004574ad2a0da5926a06f84e1f8df727930f5ba7862643b55d5722372be6bf154f6a6e84e806201395992b69f48511208b17d7ed8015dc47fe0cb94c3d9

    Download Submit

  • C:\Users\Admin\AppData\Local\XPAJOTIY\FileGrabber\Pictures\InstallSave.png
    Filesize

    503KB

    MD5

    0fd6c58ba58827c285095511858c2344

    SHA1

    9d7692a2dde886b2a4feecdc0330a5ad5e069f45

    SHA256

    196393b3f1e9463f728cfe7089af05e36afc87869db5572364471a96104b9692

    SHA512

    34d1996b0ce3b554d8f1b3e61b5e4116cfe2be9e49e586ebf851e33d1c16c60a6f96c16761abd918ce5040e8cee742a4e06e34d831c986659905a4d1fb76a46a

    Download Submit

  • \Users\Admin\AppData\Roaming\Client.exe
    Filesize

    320KB

    MD5

    bc5da83795b587fb1dfce2d6bef2d176

    SHA1

    ccfd73ae06c12385a19f0cc836ac8a8bfda8c8d0

    SHA256

    d8539aec2e01d20b840f4c35ae675eca7f85de828282d03c4aabad6034cd8ffb

    SHA512

    503399a12376fd8036d2cc89cfb0652038e708dc9f098c55dfd19c04ff0646ffce31ecbfd84271ad2334058a2aa074bd53f96483d1fcb32bdacdc4a965957ff5

    Download Submit

  • \Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe
    Filesize

    3.0MB

    MD5

    c309cb9865dfc6dbb7f977f4c0f722c0

    SHA1

    b3a7d7fbedfeb6edd951f4b5d9a28b2af44dbfe9

    SHA256

    51472e512316807270d85560bf6e3030355007c36a4f74d59a286411bb5378b5

    SHA512

    a70067011aa20c814d927e628e229800b0ea6918be755dae17d27edb5ea5072de595d115cd134a8d77ab87e323657b6a0a22e31dbf6a74278e07219e64960797

    Download Submit

  • memory/2484-0-0x0000000074461000-0x0000000074462000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2484-4-0x0000000074460000-0x0000000074A0B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2484-2-0x0000000074460000-0x0000000074A0B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2484-21-0x0000000074460000-0x0000000074A0B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2728-20-0x000000007238E000-0x000000007238F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2728-181-0x000000007238E000-0x000000007238F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2728-23-0x0000000000800000-0x0000000000B10000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2728-50-0x00000000002B0000-0x00000000002BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2728-51-0x00000000002B0000-0x00000000002BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2728-210-0x00000000002B0000-0x00000000002BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3028-22-0x0000000000810000-0x0000000000866000-memory.dmp

    Filesize

    344KB

    Download

  • memory/3028-180-0x0000000072380000-0x0000000072A6E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3028-24-0x0000000072380000-0x0000000072A6E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3028-239-0x0000000072380000-0x0000000072A6E000-memory.dmp

    Filesize

    6.9MB

    Download