Analysis
-
max time kernel
438s -
max time network
1160s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
25-10-2024 06:04
General
-
Target
Find Wallet v3.2-Crack.exe
-
Size
3.5MB
-
MD5
68f929dc1286bf7af65bf056845f9b42
-
SHA1
1f1d9848811b3c00066f8be86035fda994ceedfd
-
SHA256
0d20648267d3004ba95b04f9ef01f3f6e40644b46773990807c2741adbdd3d82
-
SHA512
d2019f58239c44e8a0b2e92c04985943c998e32974b9a322fd3d925c13ec83b733520ddc06c15b2e43ab2587b1fbb4f799b6972f5f9b4069c5d7023cf720249a
-
SSDEEP
24576:GfP8j/svhs+hp5kH4vysV988IMf4r27GCS040YVqxzvXyKxNt38GT8JDPVv5+2tp:UP8j/MW+ise8IW4rF5ovXy6t7BQj1
Malware Config
Signatures
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s) 4 IoCs
-
Looks up external IP address via web service 5 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
-
outlook_office_path 1 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Find Wallet v3.2-Crack.exe"C:\Users\Admin\AppData\Local\Temp\Find Wallet v3.2-Crack.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Client.exe"C:\Users\Admin\AppData\Roaming\Client.exe"2⤵
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Drops desktop.ini file(s)
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- outlook_office_path
- outlook_win_path
-
-
C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe"C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
105B
MD52e9d094dda5cdc3ce6519f75943a4ff4
SHA15d989b4ac8b699781681fe75ed9ef98191a5096c
SHA256c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142
SHA512d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7
-
Filesize
572KB
MD5022a7a71966bd3851a4db70a7825b9a7
SHA16bbb91f704cbbbe332b28f532419a6a86108b78d
SHA256e72df48cf1e7661160d6d1236f39a7a1d95dd92377be56447e781881fbe91d8f
SHA51200cd8bbf1783e0491271afa167f3f659c33ae9dc84d5934cc5ea9e2a4594805128ac7ec0c4c2363a430a344334b7d2cce22521af4ea2681a5b804057dd670428
-
Filesize
548KB
MD591b85b42314f421656de8752e526e589
SHA1476a69d81f178a1c52e1718880e3ba4adb9b3c84
SHA256eaa8c8b5325dda1ae24e0718703d2da5c8cf394ebe999082621d4208f1ef245b
SHA5124197563fc209e93fbbdd47fc0eae78bc9959ee12b86cef28ccd78be31bb49f39c02b24f3463f976d332b320714fd8d0ddf11cf6fe77170645189be3ce5cc43bd
-
Filesize
676KB
MD59a1003363fa654b6cabb47196fbd3d0a
SHA11717dfc7d1485c2019ec72f31ea010bee5c261f2
SHA256ba78eb2a93889550a26e506e3cb46ce7426f56cd3d591bf3d8bca5fd727b7cae
SHA5126d7b1f325e3647534ae7013a719384fd97e42da5300ad60306c68c5eb6d7cb0cd78554fc6c681999f7143b301dd875392238767486e71b0bb8b4185b3cca6b21
-
Filesize
676KB
MD5baff41d1a5d29c9e80741353f5b170a5
SHA183ece85f04f3caf103b88ef83ac114aa324a716c
SHA256bfd9c57d8e3750883e7ac5f755fdf71aed394d5f0b75ef6f376c4d63b630a7a7
SHA51218432cb5d9dbfb0ca5945df08950c4326a1021e6e8e7ddcaf10d37274327a68925cd19f4727c532ba54d0e8825e4ea9208a3fed99533875c055269080b87cbf3
-
Filesize
437KB
MD59b59af8636f9e1bfc22fb729a2266523
SHA101515fb278d23c39479a86347c992967a6ed0557
SHA256923dd914840fa904a3f43218aaf4eea766b0468c0a7778aed9029a0f210e6b72
SHA512fa99d051807944f0118f7ca64813bf33727f17a05f40f51c478735d3077635b3dc05d0b9371071dac62e45ec8913b0904610352dae0ec911a7a2566766a6b642
-
Filesize
551KB
MD56d58064d19543a95afb764504e635b47
SHA152e611da041e1e0d0d7210c294fcd3458069d927
SHA2567f9fca7c4b47017925c3ec9339d6966bc326a7f74b5964e866908950bf922d60
SHA51280d3a582dc9bda672d6afa23535259931e525e14b0e2c7f7053a39b86a686c8ddbbffdd2a0edd08a326245611994ef26d863e3b1376defff68dcb4dbf3f18b02
-
Filesize
589KB
MD5d3c719316f1ea0f04a74ff40f10024b8
SHA14f44f25293f36be53584679beb36350e4a07ea83
SHA25681e587d66ddc05b22e84dab3ffc7fcd653c2cc99c1f84e8df7cbf28d35d60bcd
SHA51258c957c88bff85927317efafab58061efb7300634526c7b79a32b2dc9f14b2c52118a5b28e9badf954220515d8e9ea0a95be880b44aa9971b265c5cc3a50fc6b
-
Filesize
4KB
MD5f925632a1add3e89ebd87e3bda3f0ac3
SHA14637c514d42c862d9bdda70ca3ac6b1871ed21a5
SHA256baeaf533b4a2dc83ae14b94aee2f0b03364979f4f1b734757318e75b486ffbd7
SHA5126fe4cef9effe804aed132ece75b9754b5993a389cd191ca14a83b1f6e4ae97547de607e7d2b43427967af9703905241c6b6acb5c15e072ecc0e1b0cfd9e34018
-
Filesize
320KB
MD5bc5da83795b587fb1dfce2d6bef2d176
SHA1ccfd73ae06c12385a19f0cc836ac8a8bfda8c8d0
SHA256d8539aec2e01d20b840f4c35ae675eca7f85de828282d03c4aabad6034cd8ffb
SHA512503399a12376fd8036d2cc89cfb0652038e708dc9f098c55dfd19c04ff0646ffce31ecbfd84271ad2334058a2aa074bd53f96483d1fcb32bdacdc4a965957ff5
-
Filesize
3.0MB
MD5c309cb9865dfc6dbb7f977f4c0f722c0
SHA1b3a7d7fbedfeb6edd951f4b5d9a28b2af44dbfe9
SHA25651472e512316807270d85560bf6e3030355007c36a4f74d59a286411bb5378b5
SHA512a70067011aa20c814d927e628e229800b0ea6918be755dae17d27edb5ea5072de595d115cd134a8d77ab87e323657b6a0a22e31dbf6a74278e07219e64960797
-
Filesize
4KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
3.1MB
-
Filesize
224KB
-
Filesize
56KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
584KB
-
Filesize
344KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
5.6MB
-
Filesize
7.7MB
-
Filesize
408KB
-
Filesize
7.7MB
