Analysis
-
max time kernel
94s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
25-10-2024 06:06
General
-
Target
Find Wallet v3.2-Crack.exe
-
Size
3.5MB
-
MD5
68f929dc1286bf7af65bf056845f9b42
-
SHA1
1f1d9848811b3c00066f8be86035fda994ceedfd
-
SHA256
0d20648267d3004ba95b04f9ef01f3f6e40644b46773990807c2741adbdd3d82
-
SHA512
d2019f58239c44e8a0b2e92c04985943c998e32974b9a322fd3d925c13ec83b733520ddc06c15b2e43ab2587b1fbb4f799b6972f5f9b4069c5d7023cf720249a
-
SSDEEP
24576:GfP8j/svhs+hp5kH4vysV988IMf4r27GCS040YVqxzvXyKxNt38GT8JDPVv5+2tp:UP8j/MW+ise8IW4rF5ovXy6t7BQj1
Malware Config
Signatures
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload 2 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s) 4 IoCs
-
Looks up external IP address via web service 5 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
-
outlook_office_path 1 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Find Wallet v3.2-Crack.exe"C:\Users\Admin\AppData\Local\Temp\Find Wallet v3.2-Crack.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Client.exe"C:\Users\Admin\AppData\Roaming\Client.exe"2⤵
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Drops desktop.ini file(s)
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- outlook_office_path
- outlook_win_path
-
-
C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe"C:\Users\Admin\AppData\Roaming\Find Wallet v3.2-Crack.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
105B
MD52e9d094dda5cdc3ce6519f75943a4ff4
SHA15d989b4ac8b699781681fe75ed9ef98191a5096c
SHA256c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142
SHA512d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7
-
Filesize
305KB
MD5d3241ba20dac126226a22f7d22ee4908
SHA17c517b7a81ed8d600d48806b75d4a58dd4ab8df4
SHA256d6f8f9fead2382a96abe3f275b83cd6e334122d3707156eecfd11d3d1925c90b
SHA51255d49fa81aac28222e26ec08ee61c25cb1c417a4f1414c9f682a9330ae14d4540f62e8e5c287a69d37696900e374648fecc5880ec45b473942d3ebda83f04c26
-
Filesize
293KB
MD519608007517a043c55f903b8cebef30a
SHA1d92f891595783a892b68b7abb237120611df5fc1
SHA256afb593c4b7f3acbac687591e3caa4cc249dd995fb7438b19fc2888264164be66
SHA5127867b74059b2ffc224b53027b2fcc595251fdbf0bedb8154b199d4b655a9b64ff4b41deabd5f05db7098516c0f719901352d462abe3af286f41455aee5ff69c4
-
Filesize
399KB
MD5a38f16f061f705c9c8f65b2fb0615fc6
SHA186e40bd4de6a71d26cd1158d74cde27af91959bb
SHA25649233f85a87dafda888d2b11d0b69068ac89c8961090ece3353b8ed5e5e37cf8
SHA512c2267e53fcc06eb9747a4475f3be8b1c0c247f5851e383956483d5e2c52c777a719f83905ff2d42d4fa33c6b88179abd3cd9e0109790696371522987816a8646
-
Filesize
387KB
MD529c126aeb9fed4b418d284b349b9d1fd
SHA14e05cea00785ada4e872482fab8b9898333e8a11
SHA256015b487cf86618cc22d80339673cab8b0c6ef8f226085e01a2605c450e05af9a
SHA512c96175903b5558a673b4374680224de32e5561b81c66c6faee4b0eb109a276a1a781d351cf7aef54fe6a04031016a1b64a72708949a39595ebec61661cdad1d7
-
Filesize
292KB
MD535e984f63caac2406958dd9b89b3f34c
SHA177ec0a861b7fcc8975d4eea0d3f86398fb8ce7a8
SHA256498e3683a7daec2253fc7a6b18f4b7fb12a69733f593ee346030117e4dc01de3
SHA512153553014c047269c3b80c4c021524e95106de595158dbec5ee5e9c76f9fdc959a8d0a967a4d44ddd72bb258d5888b325f250ca059b9b35fd6e0a4e460e03f02
-
Filesize
150KB
MD5fffddf127e199303b3d127f276412fbb
SHA1c8a0d0b101b440e31c5dd23c4fe2937454ce8e0d
SHA256d8a6e4a2b3e0c73221c632e5a32e8db190014772a3cff03c9967fd81349d956d
SHA5121b19c0916cce5542ccbf8225c1146beee94bad1dfe16065ec1b739798e49366af695cc23fc51ead3f3c2f9be4ce19abef75fc404cdb4657399b6bc06ef6589aa
-
Filesize
560KB
MD544f0ae1216c45bc2266b6fb37f538ed3
SHA15620627745e05401e90e55bf108ddecb08c61cd1
SHA256e69344ccd19f6443c1152b235e911ae974f41daefd5121bf5ae7f1b9137e7021
SHA512ac7c4b07bf03870403c21b77ce1f865eb9a4598a99f8d8a632c5ff5e03ddab77c59923fac56875490c20fcb7e724535d8a618c90ec8c1e7e2412cf1cd202de7c
-
Filesize
339KB
MD5438b880d292af0ed53355a9d50b80fc7
SHA1b676f2e0d9336a86e44ed3ff9b8a38ae091ed330
SHA2568e60aa7d5a088a1348d6b126144b20e35233d5900eccfca8305825b1a2d2cdb0
SHA512859c372ac06333c14b3a52ec24ba629c11e6fb03cb7b5dafcaa454616bbd25b90a9d2676be7275996dfb1038479cdf6ba7300dcd2b7f432dd7ec981a23c4ac83
-
Filesize
691KB
MD55248b5cafaa6fe303c94a02e7e2e13c6
SHA14c2b2e6000894605ba124db2acca868265a49076
SHA256027b8757e864d3594511757d237dfb0e180c49e61b5d62f6616b758cf8c4f7ac
SHA5123a6f190789bd6bcadc48ebf931673b7b6dba3c19f4b190acfc2842466114a9fc980940a0be6cca06fdae7cecb616c28b4ab711b8e1b5e51e97850951aeb740bb
-
Filesize
1.0MB
MD5364089bf4fb01cb1dbad42ca96417a95
SHA1dd4778e76d9478c5dc59d51cbbf12429da61797b
SHA2564551e4883d4ee92782c3c3dda9e0a15a6d25b8fa8beff3211ba691e453476810
SHA5127bc03e746540f34ea46d8e5e4f867e4740e38154521b6e03fc686ee4a8691513fda0454696e3dfe1c3f3cbeb075c82ad1ece152cf951b36434078c6defd9f325
-
Filesize
681KB
MD59891a0369b68c23ed77b090db5bdea46
SHA1f132584ce1e6d89ba07c5a36d00e02ff54e50b9e
SHA256281f2e9b1c380488aced6daa2932621582d3a1c563ccc3fc5daf50aa5240aa6e
SHA512a2673a62faeb92d8e702be7c4d23598e97b28c90ee08b7a6313ff8362f54bd9495931039f6702e47c8aa33a935d5c3bc3cd446f715de0cdef676f135cab4cc68
-
Filesize
740KB
MD503f3e6d0cbc8388aba52cf7136d8bc51
SHA13f0c771ac551deb262d64cd50b0c795f1869b0fe
SHA256de766bce3cd2908b1ffb59c6927ad10246f72637c65574dbf2dbee83861fbe68
SHA512bb38d6d7c6f967f1c53341482755b80f87e214b987b60c4aa90a55f54d8f957a775859bd8274a16649090db7294d3695ea566c7f7a77b3870a263eda8ad85bf3
-
Filesize
4KB
MD59814d1c189bd38984ff5279e3fe28588
SHA15675dca58c1a3792a848a64aae340d989935a02e
SHA256037fb52a17a203f199d2e1aa6bd63f87c14c1b0af38e09d30206f8b112a95b19
SHA512f38715691e977d77785817c5d9301be37f87726b7b9162deb8628b4ec553d9e531c25cda94d9ad97f03fe0bec9f091f8c7a6c915373866056d0522e9dbebac34
-
Filesize
320KB
MD5bc5da83795b587fb1dfce2d6bef2d176
SHA1ccfd73ae06c12385a19f0cc836ac8a8bfda8c8d0
SHA256d8539aec2e01d20b840f4c35ae675eca7f85de828282d03c4aabad6034cd8ffb
SHA512503399a12376fd8036d2cc89cfb0652038e708dc9f098c55dfd19c04ff0646ffce31ecbfd84271ad2334058a2aa074bd53f96483d1fcb32bdacdc4a965957ff5
-
Filesize
3.0MB
MD5c309cb9865dfc6dbb7f977f4c0f722c0
SHA1b3a7d7fbedfeb6edd951f4b5d9a28b2af44dbfe9
SHA25651472e512316807270d85560bf6e3030355007c36a4f74d59a286411bb5378b5
SHA512a70067011aa20c814d927e628e229800b0ea6918be755dae17d27edb5ea5072de595d115cd134a8d77ab87e323657b6a0a22e31dbf6a74278e07219e64960797
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
4KB
-
Filesize
7.7MB
-
Filesize
408KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
5.6MB
-
Filesize
344KB
-
Filesize
7.7MB
-
Filesize
584KB
-
Filesize
7.7MB
-
Filesize
4KB
-
Filesize
56KB
-
Filesize
224KB
-
Filesize
4KB
-
Filesize
3.1MB
-
Filesize
7.7MB
-
Filesize
7.7MB
