stormkitty | 7c62a831647b0234a097ff94b160e0534d7c465d7bbd6fca8953c951a55157cf | Triage

Submit
Reports

Overview

overview

Static

static

XWorm V5.6.zip

windows7-x64

1

XWorm V5.6.zip

windows10-2004-x64

Resubmissions

11-11-2024 18:26

241111-w3hm1ssmd1 10

11-11-2024 17:59

241111-wk5ptstamb 10

11-11-2024 00:19

241111-al9vaaxnev 10

Sharing

General

Target

XWorm V5.6.zip
Size

24.5MB
Sample

241111-wk5ptstamb
MD5

27065dd8016564f65a5444d70a9daad1
SHA1

1be1151330b7b0f12c486e9e36a1fa682adcac50
SHA256

7c62a831647b0234a097ff94b160e0534d7c465d7bbd6fca8953c951a55157cf
SHA512

fcf41ba034133fcb7f91936fb16a6b59503a9016a78079c61fd692edec24a7e3daadf8ae2459d36ecd6c72dff9f8835355ea8cc7d20455d3e0922d74f7337435
SSDEEP

393216:VyavqxXFeuBc9Q+Fdt6ieJS9xCZGb7kjjJ6AKbKrbdcjXo50Ko+Y2ToxYv:Vy5xXDBYQwn63qkjBKego5Ho+R

Score

10^/10

stormkitty xworm discovery evasion persistence privilege_escalation rat stealer trojan

Static task

static1

stormkitty xworm

6 signatures

Behavioral task

behavioral1

Sample

XWorm V5.6.zip

Resource

win7-20240903-en

windows7-x64

3 signatures

1800 seconds

Behavioral task

behavioral2

Sample

XWorm V5.6.zip

Resource

win10v2004-20241007-en

stormkitty xworm discovery evasion persistence privilege_escalation rat stealer trojan

windows10-2004-x64

29 signatures

1800 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

npCjKGoBzBFLsWVA

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  XWorm V5.6.zip
- Size
  
  24.5MB
- MD5
  
  27065dd8016564f65a5444d70a9daad1
- SHA1
  
  1be1151330b7b0f12c486e9e36a1fa682adcac50
- SHA256
  
  7c62a831647b0234a097ff94b160e0534d7c465d7bbd6fca8953c951a55157cf
- SHA512
  
  fcf41ba034133fcb7f91936fb16a6b59503a9016a78079c61fd692edec24a7e3daadf8ae2459d36ecd6c72dff9f8835355ea8cc7d20455d3e0922d74f7337435
- SSDEEP
  
  393216:VyavqxXFeuBc9Q+Fdt6ieJS9xCZGb7kjjJ6AKbKrbdcjXo50Ko+Y2ToxYv:Vy5xXDBYQwn63qkjBKego5Ho+R
Score

10^/10

stormkitty xworm discovery evasion persistence privilege_escalation rat stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- UAC bypass
  evasion trojan
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stormkittyxworm

behavioral1

behavioral2

stormkittyxwormdiscoveryevasionpersistenceprivilege_escalationratstealertrojan

© 2018-2024

Terms | Privacy