stormkitty

Resubmissions

11-11-2024 18:26

241111-w3hm1ssmd1 10

11-11-2024 17:59

241111-wk5ptstamb 10

11-11-2024 00:19

241111-al9vaaxnev 10

Sharing

Copy URL

Twitter E-mail

General

Target

XWorm V5.6.zip
Size

24.5MB
Sample

241111-al9vaaxnev
MD5

27065dd8016564f65a5444d70a9daad1
SHA1

1be1151330b7b0f12c486e9e36a1fa682adcac50
SHA256

7c62a831647b0234a097ff94b160e0534d7c465d7bbd6fca8953c951a55157cf
SHA512

fcf41ba034133fcb7f91936fb16a6b59503a9016a78079c61fd692edec24a7e3daadf8ae2459d36ecd6c72dff9f8835355ea8cc7d20455d3e0922d74f7337435
SSDEEP

393216:VyavqxXFeuBc9Q+Fdt6ieJS9xCZGb7kjjJ6AKbKrbdcjXo50Ko+Y2ToxYv:Vy5xXDBYQwn63qkjBKego5Ho+R

Score

10^/10

Malware Config

Extracted

Family

xworm

Version

5.0

127.0.0.1:7000

Mutex

Ojtj1wtOi1NUsFwl

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  XWorm V5.6.zip
- Size
  
  24.5MB
- MD5
  
  27065dd8016564f65a5444d70a9daad1
- SHA1
  
  1be1151330b7b0f12c486e9e36a1fa682adcac50
- SHA256
  
  7c62a831647b0234a097ff94b160e0534d7c465d7bbd6fca8953c951a55157cf
- SHA512
  
  fcf41ba034133fcb7f91936fb16a6b59503a9016a78079c61fd692edec24a7e3daadf8ae2459d36ecd6c72dff9f8835355ea8cc7d20455d3e0922d74f7337435
- SSDEEP
  
  393216:VyavqxXFeuBc9Q+Fdt6ieJS9xCZGb7kjjJ6AKbKrbdcjXo50Ko+Y2ToxYv:Vy5xXDBYQwn63qkjBKego5Ho+R
Score

10^/10

stormkitty xworm discovery rat stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Contains code to disable Windows Defender

Detect Xworm Payload

StormKitty payload

Stormkitty family

Xworm

Xworm family

Executes dropped EXE

Uses the VBS compiler for execution

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2