General
-
Target
b6cd037fe70e5764a97394718f0b1580_JaffaCakes118
-
Size
396KB
-
Sample
241202-e4a6wszld1
-
MD5
b6cd037fe70e5764a97394718f0b1580
-
SHA1
798fd84974c00a3997d7294f3e3f7a7f3cf1fb2c
-
SHA256
c8f25e1a5059b1ce98d283782b13969e59d1984c7b106748de9ccfdc3a7a9b34
-
SHA512
e252bbc8a67bf2cc98ed14269f14e307bff17e348bc1fb2d242c10f1e718e87813f919126e90128b394d1377db4948540f3859b0fccc5845df3b1ccf126db10d
-
SSDEEP
12288:bj40+VUy505by13Q3vTRSVEB0dSFiuoo444oYJk:v+Vs5byO/AVEhFYJk
Static task
static1
Behavioral task
behavioral1
Sample
b6cd037fe70e5764a97394718f0b1580_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b6cd037fe70e5764a97394718f0b1580_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
StormKitty payload
-
Stormkitty family
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)