stormkitty | 3cf37367797ad61761ab44b22ec80c206d31411a604106d061be6935787b8110 | Triage

Submit
Reports

Overview

overview

Static

static

Realtek.exe

windows7-x64

Realtek.exe

windows10-2004-x64

Sharing

General

Target

Realtek.exe
Size

80KB
Sample

241123-rxr72swpgy
MD5

9bcb1a253d07b610da76fd22ad176c9d
SHA1

e5f8196083beab009db092fe891e88551393b247
SHA256

3cf37367797ad61761ab44b22ec80c206d31411a604106d061be6935787b8110
SHA512

1d0729cbff3905f937a59a9e56ed4c65cb805395cc430035b45bb82e1b06d8cfa490466d3661ade18b05e4be74ba642df1b61c03dbf7f22740373687261c5744
SSDEEP

1536:FZno9xptw8VGHE1uWdas6vKPHvfpK3I5hxS9a/voKxjzxtV3wFrD:F+bZPfpK3g69a/voKhzxtdwFn

Score

10^/10

stormkitty persistence stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Realtek.exe

Resource

win7-20241010-en

stormkitty persistence stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Realtek.exe

Resource

win10v2004-20241007-en

stormkitty persistence stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  Realtek.exe
- Size
  
  80KB
- MD5
  
  9bcb1a253d07b610da76fd22ad176c9d
- SHA1
  
  e5f8196083beab009db092fe891e88551393b247
- SHA256
  
  3cf37367797ad61761ab44b22ec80c206d31411a604106d061be6935787b8110
- SHA512
  
  1d0729cbff3905f937a59a9e56ed4c65cb805395cc430035b45bb82e1b06d8cfa490466d3661ade18b05e4be74ba642df1b61c03dbf7f22740373687261c5744
- SSDEEP
  
  1536:FZno9xptw8VGHE1uWdas6vKPHvfpK3I5hxS9a/voKxjzxtV3wFrD:F+bZPfpK3g69a/voKhzxtdwFn
Score

10^/10

stormkitty persistence stealer
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stormkittypersistencestealer

behavioral2

stormkittypersistencestealer

© 2018-2024

Terms | Privacy