stormkitty | 20d451a0dfdbe692e40dd450812ebb94e7b04430acc0de77cecfa4daf1a99e95 | Triage

Submit
Reports

Overview

overview

Static

static

XWorm V5.6...at.zip

windows7-x64

1

XWorm V5.6...at.zip

windows10-2004-x64

8

Sharing

General

Target

XWorm V5.6 BypChat.zip
Size

24.5MB
Sample

241202-yae3javmbr
MD5

5116c90421cd33a0f65ddb7db5b375a8
SHA1

cc64c23d3499d281ff4157196cb6cf767ce81b16
SHA256

20d451a0dfdbe692e40dd450812ebb94e7b04430acc0de77cecfa4daf1a99e95
SHA512

b9ed3129540e815d24df87a81af4bcd32a27e8585d43059abd073a39ef4349df538ec5b2d61b5705ea167084eb45a16d8edac5fe584eaf40e6a67d3eb7965e11
SSDEEP

393216:LyavqkXFeuBc9Q+FMIZeL859fCGcJ7kj3HHAKbTmbubKXo50Ko+Y2ToxYC:LyxkXDBYQwNZK5kjQKRIo5Ho+0

Score

10^/10

stormkitty xworm defense_evasion discovery persistence

Static task

static1

stormkitty xworm

6 signatures

Behavioral task

behavioral1

Sample

XWorm V5.6 BypChat.zip

Resource

win7-20240903-en

windows7-x64

3 signatures

1800 seconds

Behavioral task

behavioral2

Sample

XWorm V5.6 BypChat.zip

Resource

win10v2004-20241007-en

defense_evasion discovery persistence

windows10-2004-x64

26 signatures

1800 seconds

Malware Config

Targets

- Target
  
  XWorm V5.6 BypChat.zip
- Size
  
  24.5MB
- MD5
  
  5116c90421cd33a0f65ddb7db5b375a8
- SHA1
  
  cc64c23d3499d281ff4157196cb6cf767ce81b16
- SHA256
  
  20d451a0dfdbe692e40dd450812ebb94e7b04430acc0de77cecfa4daf1a99e95
- SHA512
  
  b9ed3129540e815d24df87a81af4bcd32a27e8585d43059abd073a39ef4349df538ec5b2d61b5705ea167084eb45a16d8edac5fe584eaf40e6a67d3eb7965e11
- SSDEEP
  
  393216:LyavqkXFeuBc9Q+FMIZeL859fCGcJ7kj3HHAKbTmbubKXo50Ko+Y2ToxYC:LyxkXDBYQwNZK5kjQKRIo5Ho+0
Score

8^/10

defense_evasion discovery persistence
- Drops file in Drivers directory
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Indicator Removal: Clear Persistence
  remove IFEO.
  defense_evasion
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Indicator Removal

Clear Persistence

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stormkittyxworm

behavioral1

behavioral2

defense_evasiondiscoverypersistence

© 2018-2025

Terms | Privacy