Overview

overview

10

Static

static

10

Find Walle...ck.exe

windows10-1703-x64

10

Find Walle...ck.exe

windows10-2004-x64

10

Find Walle...ck.exe

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    78s
  • max time network
    80s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-10-2024 06:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Find Wallet v3.2-Crack.exe

  • Size

    3.5MB

  • MD5

    68f929dc1286bf7af65bf056845f9b42

  • SHA1

    1f1d9848811b3c00066f8be86035fda994ceedfd

  • SHA256

    0d20648267d3004ba95b04f9ef01f3f6e40644b46773990807c2741adbdd3d82

  • SHA512

    d2019f58239c44e8a0b2e92c04985943c998e32974b9a322fd3d925c13ec83b733520ddc06c15b2e43ab2587b1fbb4f799b6972f5f9b4069c5d7023cf720249a

  • SSDEEP

    24576:GfP8j/svhs+hp5kH4vysV988IMf4r27GCS040YVqxzvXyKxNt38GT8JDPVv5+2tp:UP8j/MW+ise8IW4rF5ovXy6t7BQj1

Score
10/10
stormkittycollectiondiscoveryspywarestealer

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 4 IoCs
  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Find Wallet v3.2-Crack.exe
    "C:\Users\Admin\AppData\Local\Temp\Find Wallet v3.2-Crack.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Users\Admin\AppData\Roaming\Client.exe
      "C:\Users\Admin\AppData\Roaming\Client.exe"
      2⤵
      • Executes dropped EXE
      • Accesses Microsoft Outlook profiles
      • Drops desktop.ini file(s)
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • outlook_office_path
      • outlook_win_path
      PID:96
    • C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe
      "C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2336

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\KZOWYSNI\Browsers\Firefox\Bookmarks.txt
    Filesize

    105B

    MD5

    2e9d094dda5cdc3ce6519f75943a4ff4

    SHA1

    5d989b4ac8b699781681fe75ed9ef98191a5096c

    SHA256

    c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

    SHA512

    d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Desktop\EnableDebug.html
    Filesize

    365KB

    MD5

    85cbbf4e3ee88d6569e4892a398f40e7

    SHA1

    2da74dacd64bd33ff571663a8eea2bd1940475c0

    SHA256

    1f429576f85078a96e6f0a3f572b374da8f8e6171f657470d1a2479f83875f97

    SHA512

    381b3d2f282f857b7d3db336767e8f708ddc86daae2e91b098a964a71e8012119a87ec8f3363feca7409a61d3988554456bb60974eea709baa6160e77fac7be4

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Desktop\UninstallDisconnect.ppt
    Filesize

    339KB

    MD5

    78b6351422883020ceb5fb1914c91a80

    SHA1

    29e8b6000479ed079d5138e0b8fb5cd2daadf831

    SHA256

    de70458d99818190606b9c6e34bc1a0fbf8e0ecce3e65893723f854541e7a574

    SHA512

    2148c15defe82d07cebf5bb753b7f700818dcaab61cd690b26c041d9b2f2d6d9fb7816f0645994257f8efac8109673647ef145ac322c3fb9c35f512eec457247

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Desktop\UsePop.docx
    Filesize

    300KB

    MD5

    cca87a8b6f4fe72363ee7c7a7c616995

    SHA1

    bad4d7eca077bbcf7ee30e69c1ba76f330bcdea8

    SHA256

    5a6f1979376060b4b3bee8eb3a3954cd73784e93470c4e50057229ce00169abc

    SHA512

    7556a47f77d6895e777ba4219cba7e84203899ae1802e57c2eb210b4f9da685812e8001562fdd82441b5f3e0d60084c46be76a6c20265bdf7f7a2ef2fcf846c8

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Documents\ClearSubmit.pptx
    Filesize

    2.0MB

    MD5

    655ddfc8a05a76594dc76cbfddf2c9b9

    SHA1

    58bf03bb8756454f73c9e52c6abdb28b1db13148

    SHA256

    8b11e2831377fa4f96a09547f7ca6a363b98a338fb0fe4c9b7868906f204ac79

    SHA512

    2d04ac852d22acdfeee377f884160659cfb1ea674e50ae3fe5a7b90a1cba95d76b13b94103f5d7775f59be1486f00b4a201867a378547552330ad8c3dc522029

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Downloads\ConvertNew.jpeg
    Filesize

    241KB

    MD5

    f24942557ffbefc1dee888ee00583797

    SHA1

    21c1209e3614752919b26a722c410723daba5dcc

    SHA256

    60559136de42208ada31868ce26026f3fcda30f2fd00551ea200d4f8c3999b81

    SHA512

    69314c883d439b7b6436f33585f76293be4deb6cf9197f78eb80fdb60330e87129476603c666822b625849c3275623d936abb82781340ac54993be449d5c3031

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Downloads\DisableRequest.ini
    Filesize

    269KB

    MD5

    08e0893c6d24b16f3cbb9ead28d8e7e6

    SHA1

    f4b32ccff85f3abeaede77b2c5f5e59c502df520

    SHA256

    f2b77e9a1548f3b98660441de4cefb3ba723826503813df7b0884809fb35dc84

    SHA512

    78451a4472bf950f2f27a7cf5ab8f9d660bd1ecec81d950a73381399f9bf6d1db1ba1a1c92f0a9637ccdf86b89e6c8394aa4ec18879ff47ffb000144bedc5655

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Downloads\InstallStart.docx
    Filesize

    163KB

    MD5

    61868e437b88b59f37a284891f3ae1bc

    SHA1

    d182454610222a242491091f30bddb993bd37fe8

    SHA256

    d52fb90629e510c0001fa6835ebe533dbebb617b6a06b5ea7ab2e675e16f10d4

    SHA512

    5dfa30af67a7eb325dd12452eb689a21a946cf4f3550e9633bcbd87e79766ed4f2ceeb2d33406505148473807b3229d86dac947836e0c9946979d49c9d93263d

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Downloads\LockEnter.txt
    Filesize

    198KB

    MD5

    42557a9e07fe0f7900eaff3c800db511

    SHA1

    dfa5cb9aba950b4c400794ee4af0e55ecf3871ba

    SHA256

    62d742de52135d1d3aae913e383c707e215fef4e730fd9bc28bf2f8fc68f833c

    SHA512

    32d4639337815461bf4cf79921dcea8ba177e4e3ad84e3ad5c8e390303dd8da208c44ac259632e6ffb367582b35292f033152eba7148ae1679b63c80f4e829cb

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Downloads\MountLock.txt
    Filesize

    148KB

    MD5

    0714534f530e423e132d4c37302559c8

    SHA1

    619247041ecb06e6049b58233a13fe59b0857555

    SHA256

    c3a807939a4c75bcf38099aa4e1af9d72d2be4b391a566347f34f37a817bf7be

    SHA512

    3ea543d9937f2a27b735c37130d2f9b90ec03cc31f82ee28f73079be93d4da9376513a84d1446b1dbba311add497049dad4e67073113a1081d0798935dac7285

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Downloads\ProtectCheckpoint.rtf
    Filesize

    283KB

    MD5

    78efe67312716ab970ff4b322f0ca60e

    SHA1

    6ef60c255bb123998bbc7b5eaeb86ee32e2e7276

    SHA256

    b9bdd9dc6c72bfaddebf324f154e2b8fad243d8fc543cef56c41ff8da822fc5d

    SHA512

    13fc1f3aa52787e53d17880fab8e868b762ce2b295e1fa3d5aab1f3a2966f8641ec063ac896641fd19cfbcbf59e66a5fff4ddaa5f4d33cb61411afc91754bbc9

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Pictures\CompressPing.png
    Filesize

    340KB

    MD5

    b194a6daef54d25898116ad1f19ab7ad

    SHA1

    7e3323b8a5c9f36f1ba59cba74bf9157c16fbe51

    SHA256

    04cab27e98963b330fcdda7b5272cccda72f5f3790c175a616d5339360de9a4e

    SHA512

    3c97ed86322cf3e963db6713a2e6a4947845317b4a13b42443cba386001113c0d860c9919984cdabc627cbcca723ffdbe758bb43a6227e59c9631a2caec01d89

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Pictures\ConvertImport.jpg
    Filesize

    502KB

    MD5

    823f3001bbaa43c08f1915e00d4cfac0

    SHA1

    1d0868a58dfcea7ee8c37ea8161543e4b8e68296

    SHA256

    d7358485af7ddb703cf712d5533192184e550a17bb8d1e1f0c07cf183428cd56

    SHA512

    dabded4a5be76fd29d165fe06e254bd196a4d23839cc59d7997a12c86fc5df995d6652c55c0cf2a06557c395d6560199d05384c9a2625c8e93d781396e79a390

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Pictures\GetGrant.svg
    Filesize

    266KB

    MD5

    11b0dcfe584fb4fcbd788d0c1cef879d

    SHA1

    a458620ca82111d363253f51cad68443baf406f8

    SHA256

    f31e82d242656fdbea0ef60d381f249ac9aa650a19e3e5a59cde891f2dd2ba9e

    SHA512

    4c48fdec4d9f5162411edf3539f82f852be2fabe755b06d17d22c52adc8424613ff0616becb20f4d850b0f6e79e2ac385db88e52a80adc8b576fc2670c055a21

    Download Submit

  • C:\ProgramData\KZOWYSNI\FileGrabber\Pictures\ImportReset.png
    Filesize

    636KB

    MD5

    36a4bd7404b0e2a7efc4e88c33222420

    SHA1

    70527afe41c983e4b5987475f31ddd02a4affb06

    SHA256

    443fec0c0904157605487b05a756b5d1730820509a8777e20e32156352e25614

    SHA512

    c65af1153bd94fcf1b8dc22e3d43e6e44ef8d9580b51949c1ef5bb076fad1610f1f6ffc17d24027a07916989094b323186660997ad226f924be4ded725b76d1c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Client.exe
    Filesize

    320KB

    MD5

    bc5da83795b587fb1dfce2d6bef2d176

    SHA1

    ccfd73ae06c12385a19f0cc836ac8a8bfda8c8d0

    SHA256

    d8539aec2e01d20b840f4c35ae675eca7f85de828282d03c4aabad6034cd8ffb

    SHA512

    503399a12376fd8036d2cc89cfb0652038e708dc9f098c55dfd19c04ff0646ffce31ecbfd84271ad2334058a2aa074bd53f96483d1fcb32bdacdc4a965957ff5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe
    Filesize

    3.0MB

    MD5

    c309cb9865dfc6dbb7f977f4c0f722c0

    SHA1

    b3a7d7fbedfeb6edd951f4b5d9a28b2af44dbfe9

    SHA256

    51472e512316807270d85560bf6e3030355007c36a4f74d59a286411bb5378b5

    SHA512

    a70067011aa20c814d927e628e229800b0ea6918be755dae17d27edb5ea5072de595d115cd134a8d77ab87e323657b6a0a22e31dbf6a74278e07219e64960797

    Download Submit

  • memory/96-17-0x0000000000C70000-0x0000000000CC6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/96-238-0x000000007114E000-0x000000007114F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/96-14-0x000000007114E000-0x000000007114F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/96-267-0x0000000071140000-0x000000007182E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/96-43-0x0000000071140000-0x000000007182E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/96-240-0x0000000071140000-0x000000007182E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/96-48-0x0000000006780000-0x0000000006812000-memory.dmp

    Filesize

    584KB

    Download

  • memory/96-49-0x0000000006D20000-0x000000000721E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/96-56-0x0000000006C20000-0x0000000006C86000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2336-18-0x0000000000380000-0x0000000000690000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2336-44-0x00000000083C0000-0x00000000083F8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2336-16-0x0000000071140000-0x000000007182E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2336-239-0x0000000071140000-0x000000007182E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2428-0-0x00000000736E1000-0x00000000736E2000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2428-1-0x00000000736E0000-0x0000000073C90000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2428-2-0x00000000736E0000-0x0000000073C90000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2428-15-0x00000000736E0000-0x0000000073C90000-memory.dmp

    Filesize

    5.7MB

    Download