Overview

overview

10

Static

static

10

Find Walle...ck.exe

windows7-x64

10

Find Walle...ck.exe

windows10-1703-x64

10

Find Walle...ck.exe

windows10-2004-x64

10

Find Walle...ck.exe

windows10-ltsc 2021-x64

10

Find Walle...ck.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    437s
  • max time network
    1157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-10-2024 06:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Find Wallet v3.2-Crack.exe

  • Size

    3.5MB

  • MD5

    68f929dc1286bf7af65bf056845f9b42

  • SHA1

    1f1d9848811b3c00066f8be86035fda994ceedfd

  • SHA256

    0d20648267d3004ba95b04f9ef01f3f6e40644b46773990807c2741adbdd3d82

  • SHA512

    d2019f58239c44e8a0b2e92c04985943c998e32974b9a322fd3d925c13ec83b733520ddc06c15b2e43ab2587b1fbb4f799b6972f5f9b4069c5d7023cf720249a

  • SSDEEP

    24576:GfP8j/svhs+hp5kH4vysV988IMf4r27GCS040YVqxzvXyKxNt38GT8JDPVv5+2tp:UP8j/MW+ise8IW4rF5ovXy6t7BQj1

Score
10/10
stormkittycollectiondiscoveryspywarestealer

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 4 IoCs
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Find Wallet v3.2-Crack.exe
    "C:\Users\Admin\AppData\Local\Temp\Find Wallet v3.2-Crack.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Users\Admin\AppData\Roaming\Client.exe
      "C:\Users\Admin\AppData\Roaming\Client.exe"
      2⤵
      • Executes dropped EXE
      • Accesses Microsoft Outlook profiles
      • Drops desktop.ini file(s)
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • outlook_office_path
      • outlook_win_path
      PID:2888
    • C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe
      "C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\YQRLKYON\Browsers\Firefox\Bookmarks.txt
    Filesize

    105B

    MD5

    2e9d094dda5cdc3ce6519f75943a4ff4

    SHA1

    5d989b4ac8b699781681fe75ed9ef98191a5096c

    SHA256

    c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

    SHA512

    d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Desktop\CompressWait.txt
    Filesize

    459KB

    MD5

    09f79ca4b3356d9c5c4589bde59ca492

    SHA1

    6502ecf4baac9259cd2cca6cb46289f0d8bb3f16

    SHA256

    6445e7509d43af45301f7c11821c4c4e44399111e51e532fb2ed690de95df4ce

    SHA512

    4f0ba86d6ce417700b1cd1e886da6d197eca9755a152e1a8b0d764dde020f678c7efecef722d00c1b2ae6f5a563fc6392aa328d981631467dd1148a46ed27dac

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Desktop\LockPop.ppt
    Filesize

    402KB

    MD5

    9cd8d067f4ec9d9cbc7e5cc2bd328d43

    SHA1

    82821227a09bc5036f75d91ad1561e4017df08c8

    SHA256

    14963dc1d299815a79102aa93243563d10be4e087ed36f98da4358f9a566d808

    SHA512

    e19da07c18102feeb02c8e2dc0e20e7f9a96382ede42df77ec4c21f3911cf54dfe8d4ac9ac7fb239cd7f881f8a30bb6e05caef8c90a6924c6f5c366dbfc57462

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Desktop\SaveStep.xls
    Filesize

    215KB

    MD5

    69f6fe07aeba878b482427dc56aab30c

    SHA1

    5708bc0508c29959859ced470da69165564db77b

    SHA256

    fef68a995fae96041946db66b81abddc89c8c556d9d000c9cd9e28dd21697467

    SHA512

    a52d33a991a94747ab8e93835a12c38cc0d9e16906be75e570464ca5fc8b38a6b58a18f38e21f193fab91024954b5bcd55261806d620720d1d7188053a4bf48f

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Desktop\SelectSave.png
    Filesize

    431KB

    MD5

    3a317429b1ffb1e819057701e449da20

    SHA1

    f4f0b6fa7d2802b34dcd8eb9775ccf63b602012a

    SHA256

    bdda0ce52abce91e04416072c03bca8d39bb95af8f5f2d09091e9e51ffb47c13

    SHA512

    226cebf11778ab97db31bbeeb68abad6af00a22cc990721a05887d1d98fc70db27d526089a1c6e11d932aecdc01c80439d24a0c1a9b482cce4876cb0ac9079db

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Documents\ApproveNew.txt
    Filesize

    350KB

    MD5

    03f7ba2aad147ee422aa186220d167a5

    SHA1

    ff2b305dbf20e2d49ac5d3ee60fcd50e01d15735

    SHA256

    e4c136097a6cfe77191bcccfbfb068449b50ffb805f91a08e53338331d777fa1

    SHA512

    984051ec31a2d962b77b29bcd51c336a0d0a1e6638f7efd929b3e8812ae43f486974a449de8dd73f75d12fb6d62209af7ac1565717ec63ffccaa4ee0c873199d

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Documents\BlockResolve.pdf
    Filesize

    518KB

    MD5

    52d4dc89e17557abbd0c6d2c030c473f

    SHA1

    41ccf7b2254f87f4791ba5dda4f6e78fb21331c8

    SHA256

    68e97cbe94a90967f2c22dd150879ab93075967e34083f81fb1e36435ffd7773

    SHA512

    68e3cbc7e53e3b01f5cb101a2c60750a62e62a746b8019114a91d5d484237430876481ab6738e863cb22f908e88d490dc3708b0b7522f676e06aa050ef341c79

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Documents\ReceiveConfirm.doc
    Filesize

    322KB

    MD5

    89750cc23b8dec967f3848e0557b09b9

    SHA1

    d1d80d092da0abd82e236ec78e929b1328061b1a

    SHA256

    5452e127a8fe401649b49bf375fe8339945e54371cd6ba7a3794187f67eb866e

    SHA512

    148739fb97e65c8568d3a94a51d424cf4711c1872c4f58b33ccc51d6653f548fcb6dd8d77bf31ea1ddf48aefa1e6b4cca5154dd55f0cd817cda5eb9803abbb4b

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Documents\RequestCompare.pptx
    Filesize

    616KB

    MD5

    ba1c19e7a9ebad921b69e702a688c236

    SHA1

    d7c131829c45d2122fdf8333565e2e3ef32c4371

    SHA256

    cffc2f49e01b7fa3feeb3e7d166595f18be236fcd9041ffb3764bed3a635943d

    SHA512

    937b33fbcd89a21133d9ed024fc64a7afdb00c5db7422f5f78def3d95a1ecd4e9e6052e8201f71689c1777bab03bf98edfc088cdd8f604ea8eb62d6af26cb265

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Downloads\ConfirmGroup.pdf
    Filesize

    380KB

    MD5

    ef2b732cc79c44b30adb28da2a7f8a38

    SHA1

    9a576dce6bb2fd7c6d6acac3b6c979b70ec78c08

    SHA256

    d480b47fe9ff163df9da06df3390bcf143e8959062cfcb24e285126c529500db

    SHA512

    bfcd23cdaa5356b2ff4e96f041cef43801b9b80a4243acb0d540ff063bc6b28cb0733ba0c014ec1ffddc9fad836d542cc7608ee9e57d6c0e6a8a76a6bdd4ec3f

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Downloads\DisconnectInitialize.pdf
    Filesize

    760KB

    MD5

    92b7297898ea6bac83c2332c54fc6dd6

    SHA1

    5e3d6e116e5f33d2f2f66968ecefdaffbe79aa2d

    SHA256

    95a7796da5da5151c27003ff203fd3c19fff7392fec9af54ae309433be70308c

    SHA512

    ec9ce55302485247cb473a7d6de265928d77a965567104524adb124b3dceb06088f10c6825a344ea31fe1f23b602ebf6df4ce7c55233f6510647cbfe1f2f36c1

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Downloads\LockGrant.docx
    Filesize

    1.2MB

    MD5

    c728a026442cc33f4ac4c0c6e2a5dd44

    SHA1

    d96809e69f300b1dde0c9dce24d2c787189255a9

    SHA256

    6eebf9780ed2ea1fc8ab8fb202f8ab7641bf78e87f12a8690aa3b4816960a091

    SHA512

    ea9090e06aa6f8d672f79f7b773b2f0df78fd16bb388d9917c82a16c3b182ac524ff021710532ba2257d9816217631d844afe95823cd59c776d66d85e8a7bc63

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Pictures\ClearCopy.bmp
    Filesize

    504KB

    MD5

    3d1762c2b211da27e69d9097d86ba50f

    SHA1

    05f3bacf32a12f8c9e5b2fb4ca97767dd72ebd7a

    SHA256

    c151c54f327330f17e13c1253d50d2ed2cae0d67035cdb6a524b5431b4ee1da4

    SHA512

    5bd253f8102386299269986e40b340a145440d5b23a6d556dbb684e14a323f52713dcf08ca14801937d45c05b093054f2b7a861a021f9f104d129932980a4a07

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Pictures\ConvertToSkip.jpg
    Filesize

    411KB

    MD5

    01011612f20141b6e0db08e9ff42842a

    SHA1

    353d5c1ad017361265b769713873a69fb037a025

    SHA256

    ddca446298c97e2d6cdc13ec9edd718ff22b28fb0b12ba514bb8c111b9afeeaa

    SHA512

    c8b75f62afefab2e2105bbf38f1eafbb34859d217887a839063b7ea49a3d76df889b94eaa2e36015eefc98801e62230d4e6641f326cb7a07257cf82d338a2ce1

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\FileGrabber\Pictures\EnableRedo.jpeg
    Filesize

    385KB

    MD5

    23d4bff035d83ff968de52496a8e76b0

    SHA1

    891d4b9347ee8b7cdb18e60aec6791c2cf898b58

    SHA256

    6fb2b715f2ff98fb7a393314c532fed35e2ae5de412e03c4491b57ea9b0fbd00

    SHA512

    110f4cec7e43ad567b897afe14339d7fc3b0fb6369eeffc657af0befc435eeb2178a979d98c146474a578fc1f99bf18d55cb18da25586d33a23ba06c1e6c8eb1

    Download Submit

  • C:\Users\Admin\AppData\Local\YQRLKYON\Process.txt
    Filesize

    4KB

    MD5

    a9da1a7c0dc689f363d13e2ae332efa0

    SHA1

    853e7e037d71ad715c1441d6fc232fefee29698b

    SHA256

    1aba49c017f831b5f84ebe384486038d8d28b8aa8dae13d730e868f9cf698cfc

    SHA512

    03782e75db764a7b6436848442a587f4dab4009f43e65db5b9e37d2fdd6fe79dca757b4c307d3106573b8c3cca1ed5b992b74dfd92f3d9af3898a5f5a105d0fe

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Client.exe
    Filesize

    320KB

    MD5

    bc5da83795b587fb1dfce2d6bef2d176

    SHA1

    ccfd73ae06c12385a19f0cc836ac8a8bfda8c8d0

    SHA256

    d8539aec2e01d20b840f4c35ae675eca7f85de828282d03c4aabad6034cd8ffb

    SHA512

    503399a12376fd8036d2cc89cfb0652038e708dc9f098c55dfd19c04ff0646ffce31ecbfd84271ad2334058a2aa074bd53f96483d1fcb32bdacdc4a965957ff5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe
    Filesize

    3.0MB

    MD5

    c309cb9865dfc6dbb7f977f4c0f722c0

    SHA1

    b3a7d7fbedfeb6edd951f4b5d9a28b2af44dbfe9

    SHA256

    51472e512316807270d85560bf6e3030355007c36a4f74d59a286411bb5378b5

    SHA512

    a70067011aa20c814d927e628e229800b0ea6918be755dae17d27edb5ea5072de595d115cd134a8d77ab87e323657b6a0a22e31dbf6a74278e07219e64960797

    Download Submit

  • memory/2888-51-0x0000000071D60000-0x0000000072510000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2888-22-0x0000000071D6E000-0x0000000071D6F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2888-328-0x0000000071D60000-0x0000000072510000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2888-72-0x0000000006290000-0x00000000062F6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2888-231-0x0000000071D60000-0x0000000072510000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2888-67-0x0000000006400000-0x00000000069A4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2888-61-0x0000000005DB0000-0x0000000005E42000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2888-193-0x0000000071D6E000-0x0000000071D6F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2888-27-0x00000000001C0000-0x0000000000216000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2964-30-0x0000000074B90000-0x0000000075141000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2964-0-0x0000000074B92000-0x0000000074B93000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2964-2-0x0000000074B90000-0x0000000075141000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2964-1-0x0000000074B90000-0x0000000075141000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3780-29-0x0000000071D60000-0x0000000072510000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3780-28-0x0000000000F80000-0x0000000001290000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3780-76-0x00000000091F0000-0x0000000009228000-memory.dmp

    Filesize

    224KB

    Download

  • memory/3780-60-0x0000000071D60000-0x0000000072510000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3780-77-0x00000000091C0000-0x00000000091CE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3780-297-0x0000000071D60000-0x0000000072510000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3780-215-0x0000000071D60000-0x0000000072510000-memory.dmp

    Filesize

    7.7MB

    Download