stormkitty

General

Target

XWorm 5.6 Cracked.zip
Size

24.2MB
Sample

241113-xax3nswpgx
MD5

353c221103efd60bd38f1625a21c80d7
SHA1

414e3eb44d636a628b455a4d8b2997cb06564f14
SHA256

e0be40f12d3b6dfee674688d514287be2dbedbd114ec37356b610e25996ac9a4
SHA512

2d94d46d43afaa43b7515f06455525008601c77cdf5663e3f28220917d2c8b7a9ca0423a521edac56fb51e45dd6264168db101018ed4e83ccc0d46a123cdd7f1
SSDEEP

393216:wyazqFXFeuBc9Q+FpI3zDuG9YCMeg7kjuABAKbybbF6s5eNYJkY29QEH4k:wyVFXDBYQw23fkkjGKOj5eXPQEYk

Score

10^/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

I5KjeGkFrAlxFhNu

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  XWorm 5.6 Cracked.zip
- Size
  
  24.2MB
- MD5
  
  353c221103efd60bd38f1625a21c80d7
- SHA1
  
  414e3eb44d636a628b455a4d8b2997cb06564f14
- SHA256
  
  e0be40f12d3b6dfee674688d514287be2dbedbd114ec37356b610e25996ac9a4
- SHA512
  
  2d94d46d43afaa43b7515f06455525008601c77cdf5663e3f28220917d2c8b7a9ca0423a521edac56fb51e45dd6264168db101018ed4e83ccc0d46a123cdd7f1
- SSDEEP
  
  393216:wyazqFXFeuBc9Q+FpI3zDuG9YCMeg7kjuABAKbybbF6s5eNYJkY29QEH4k:wyVFXDBYQw23fkkjGKOj5eXPQEYk
Score

10^/10

stormkitty xworm discovery rat stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Contains code to disable Windows Defender

Detect Xworm Payload

StormKitty payload

Stormkitty family

Xworm

Xworm family

Executes dropped EXE

Uses the VBS compiler for execution

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2