stormkitty

General

Target

Discord.AIO(1).rar
Size

5.5MB
Sample

241125-fgk81szjew
MD5

3d588221b2c9781893e7b1ab01dc3fca
SHA1

b5b04487b86a3cb53acff6bb28987567460203bf
SHA256

0e4eb858a365905513d5a052b94a350f257a968cbb2c33245e18df8f7e36d9e1
SHA512

a44d7cb00117c82dcbd797c5c3baabafda957174200cc0a914ff6bd80078816133be874dd12b6c11c6cb7312d1590f015b4231714b0cbd411b8e923ef97f18d1
SSDEEP

98304:ln8/RJ25ew2yquO6/6mC1POC/vKfu+QQLUqnsjJcTIRUKKnI6tw0/lO8jraVv2pe:lnGIj2juO6/671POeEuNQQGcJcSK520K

Score

10^/10

Malware Config

Targets

- Target
  
  Discord.AIO(1).exe
- Size
  
  6.5MB
- MD5
  
  7adc6022bb09db5e263fb294aaab2566
- SHA1
  
  77746a413c35573521c14eba036a2da5da68526a
- SHA256
  
  54bb1a394197df666003cd83a607b364b373c32df999c51f3c14bb830fc776ee
- SHA512
  
  21922589a3dc6fd2ccf4545dceb15249ca8882d946d9a29a90248dec55ed41b719d9d835381e0115a10d58957dbbc7ac3a277c2e1e88f398c672bed8e249a11a
- SSDEEP
  
  98304:27w0WYwOYA4vWVU4fgcmnH3EPIL6yFs9u/FpboNe7mZD7JOu9mq2Jo2N/03FIgcG:ts4vkmXas+6cOGR2JFNmWZCZ
Score

10^/10

stormkitty discovery phishing spyware stealer
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Stormkitty family
  stormkitty
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: i|Q@wizSCql
  phishing
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1